f88bddf6313044145eeaf098b3b80196c172119280de056cc2a1e74935f585d3

Analysis

max time kernel
140s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2024 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f88bddf6313044145eeaf098b3b80196c172119280de056cc2a1e74935f585d3.exe
Size

398KB
MD5

e8cfd4b9cba73fce65cbcb10a9bb191d
SHA1

fdf4dd9e795db452d9238787c4b81f66de2991dc
SHA256

f88bddf6313044145eeaf098b3b80196c172119280de056cc2a1e74935f585d3
SHA512

aa91a83bd075f626502546c4e8348beba532a06230cf7b654da29fbfbeb7132ae8d5cac615d2e09f4c5afb7d5560997e8ede20b590f7a7a67b06e903c3457cfc
SSDEEP

3072:8twizQTj8CSUYf8W3nSjen++Bj88OZS0/Qe2HdOylqwvtexB3n9Gbpz4p92i13Uz:suj8NDF3OR9/Qe2HdJf+3wbGp91Uz

Score

9^/10

Malware Config

Signatures

Detects executables packed with ASPack 46 IoCs

resource	yara_rule
behavioral2/files/0x000800000002324b-4.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-6.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-5.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-11.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-13.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-12.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-15.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-16.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-17.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-25.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-26.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-27.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-29.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-31.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-33.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-34.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-35.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-37.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-38.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-39.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-41.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-45.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-46.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-48.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-50.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-52.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-53.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-54.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-56.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-58.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-59.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-60.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-61.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-62.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-65.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-66.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-67.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-69.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-68.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-70.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-71.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-73.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-75.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324c-74.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000800000002324b-63.dat	INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x0007000000023252-23.dat	INDICATOR_EXE_Packed_ASPack

Executes dropped EXE 64 IoCs

pid	Process
5064	casino_extensions.exe
3776	Casino_ext.exe
2376	casino_extensions.exe
2320	Casino_ext.exe
1764	casino_extensions.exe
2592	Casino_ext.exe
2860	casino_extensions.exe
744	Casino_ext.exe
4740	LiveMessageCenter.exe
2096	casino_extensions.exe
4636	Casino_ext.exe
4432	casino_extensions.exe
1204	Casino_ext.exe
4372	casino_extensions.exe
1148	Casino_ext.exe
2100	casino_extensions.exe
548	Casino_ext.exe
4444	casino_extensions.exe
1440	Casino_ext.exe
4344	casino_extensions.exe
2308	Casino_ext.exe
4000	casino_extensions.exe
1188	Casino_ext.exe
3708	casino_extensions.exe
2728	Casino_ext.exe
1940	casino_extensions.exe
1512	Casino_ext.exe
1348	casino_extensions.exe
448	Casino_ext.exe
384	casino_extensions.exe
2424	Casino_ext.exe
3788	casino_extensions.exe
3296	Casino_ext.exe
3408	casino_extensions.exe
2704	Casino_ext.exe
4432	casino_extensions.exe
112	Casino_ext.exe
3476	casino_extensions.exe
4544	Casino_ext.exe
4460	casino_extensions.exe
4704	Casino_ext.exe
3064	casino_extensions.exe
1440	Casino_ext.exe
4852	casino_extensions.exe
1388	Casino_ext.exe
3564	casino_extensions.exe
2160	Casino_ext.exe
3724	casino_extensions.exe
368	Casino_ext.exe
1008	casino_extensions.exe
1344	Casino_ext.exe
880	casino_extensions.exe
3168	Casino_ext.exe
744	casino_extensions.exe
3296	Casino_ext.exe
4636	casino_extensions.exe
3672	Casino_ext.exe
1392	casino_extensions.exe
2888	Casino_ext.exe
4544	casino_extensions.exe
2324	Casino_ext.exe
2204	casino_extensions.exe
4344	Casino_ext.exe
3064	casino_extensions.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\LiveMessageCenter.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File created	C:\Windows\SysWOW64\LiveMessageCenter.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3776	Casino_ext.exe
3776	Casino_ext.exe
2320	Casino_ext.exe
2320	Casino_ext.exe
2592	Casino_ext.exe
2592	Casino_ext.exe
744	Casino_ext.exe
744	Casino_ext.exe
4740	LiveMessageCenter.exe
4740	LiveMessageCenter.exe
4636	Casino_ext.exe
4636	Casino_ext.exe
1204	Casino_ext.exe
1204	Casino_ext.exe
1148	Casino_ext.exe
1148	Casino_ext.exe
548	Casino_ext.exe
548	Casino_ext.exe
1440	Casino_ext.exe
1440	Casino_ext.exe
2308	Casino_ext.exe
2308	Casino_ext.exe
1188	Casino_ext.exe
1188	Casino_ext.exe
2728	Casino_ext.exe
2728	Casino_ext.exe
1512	Casino_ext.exe
1512	Casino_ext.exe
448	Casino_ext.exe
448	Casino_ext.exe
2424	Casino_ext.exe
2424	Casino_ext.exe
3296	Casino_ext.exe
3296	Casino_ext.exe
2704	Casino_ext.exe
2704	Casino_ext.exe
112	Casino_ext.exe
112	Casino_ext.exe
4544	Casino_ext.exe
4544	Casino_ext.exe
4704	Casino_ext.exe
4704	Casino_ext.exe
1440	Casino_ext.exe
1440	Casino_ext.exe
1388	Casino_ext.exe
1388	Casino_ext.exe
2160	Casino_ext.exe
2160	Casino_ext.exe
368	Casino_ext.exe
368	Casino_ext.exe
1344	Casino_ext.exe
1344	Casino_ext.exe
3168	Casino_ext.exe
3168	Casino_ext.exe
3296	Casino_ext.exe
3296	Casino_ext.exe
3672	Casino_ext.exe
3672	Casino_ext.exe
2888	Casino_ext.exe
2888	Casino_ext.exe
2324	Casino_ext.exe
2324	Casino_ext.exe
4344	Casino_ext.exe
4344	Casino_ext.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4776	f88bddf6313044145eeaf098b3b80196c172119280de056cc2a1e74935f585d3.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4776 wrote to memory of 1976	4776	f88bddf6313044145eeaf098b3b80196c172119280de056cc2a1e74935f585d3.exe	100
PID 4776 wrote to memory of 1976	4776	f88bddf6313044145eeaf098b3b80196c172119280de056cc2a1e74935f585d3.exe	100
PID 4776 wrote to memory of 1976	4776	f88bddf6313044145eeaf098b3b80196c172119280de056cc2a1e74935f585d3.exe	100
PID 1976 wrote to memory of 5064	1976	casino_extensions.exe	101
PID 1976 wrote to memory of 5064	1976	casino_extensions.exe	101
PID 1976 wrote to memory of 5064	1976	casino_extensions.exe	101
PID 5064 wrote to memory of 3776	5064	casino_extensions.exe	139
PID 5064 wrote to memory of 3776	5064	casino_extensions.exe	139
PID 5064 wrote to memory of 3776	5064	casino_extensions.exe	139
PID 3776 wrote to memory of 1304	3776	Casino_ext.exe	175
PID 3776 wrote to memory of 1304	3776	Casino_ext.exe	175
PID 3776 wrote to memory of 1304	3776	Casino_ext.exe	175
PID 1304 wrote to memory of 2376	1304	casino_extensions.exe	205
PID 1304 wrote to memory of 2376	1304	casino_extensions.exe	205
PID 1304 wrote to memory of 2376	1304	casino_extensions.exe	205
PID 2376 wrote to memory of 2320	2376	casino_extensions.exe	523
PID 2376 wrote to memory of 2320	2376	casino_extensions.exe	523
PID 2376 wrote to memory of 2320	2376	casino_extensions.exe	523
PID 2320 wrote to memory of 936	2320	Casino_ext.exe	521
PID 2320 wrote to memory of 936	2320	Casino_ext.exe	521
PID 2320 wrote to memory of 936	2320	Casino_ext.exe	521
PID 936 wrote to memory of 1764	936	casino_extensions.exe	500
PID 936 wrote to memory of 1764	936	casino_extensions.exe	500
PID 936 wrote to memory of 1764	936	casino_extensions.exe	500
PID 1764 wrote to memory of 2592	1764	casino_extensions.exe	108
PID 1764 wrote to memory of 2592	1764	casino_extensions.exe	108
PID 1764 wrote to memory of 2592	1764	casino_extensions.exe	108
PID 2592 wrote to memory of 3244	2592	Casino_ext.exe	109
PID 2592 wrote to memory of 3244	2592	Casino_ext.exe	109
PID 2592 wrote to memory of 3244	2592	Casino_ext.exe	109
PID 3244 wrote to memory of 2860	3244	casino_extensions.exe	178
PID 3244 wrote to memory of 2860	3244	casino_extensions.exe	178
PID 3244 wrote to memory of 2860	3244	casino_extensions.exe	178
PID 2860 wrote to memory of 744	2860	casino_extensions.exe	148
PID 2860 wrote to memory of 744	2860	casino_extensions.exe	148
PID 2860 wrote to memory of 744	2860	casino_extensions.exe	148
PID 744 wrote to memory of 3784	744	Casino_ext.exe	603
PID 744 wrote to memory of 3784	744	Casino_ext.exe	603
PID 744 wrote to memory of 3784	744	Casino_ext.exe	603
PID 3784 wrote to memory of 4740	3784	casino_extensions.exe	503
PID 3784 wrote to memory of 4740	3784	casino_extensions.exe	503
PID 3784 wrote to memory of 4740	3784	casino_extensions.exe	503
PID 4740 wrote to memory of 2932	4740	LiveMessageCenter.exe	449
PID 4740 wrote to memory of 2932	4740	LiveMessageCenter.exe	449
PID 4740 wrote to memory of 2932	4740	LiveMessageCenter.exe	449
PID 2932 wrote to memory of 2096	2932	casino_extensions.exe	576
PID 2932 wrote to memory of 2096	2932	casino_extensions.exe	576
PID 2932 wrote to memory of 2096	2932	casino_extensions.exe	576
PID 2096 wrote to memory of 4636	2096	casino_extensions.exe	624
PID 2096 wrote to memory of 4636	2096	casino_extensions.exe	624
PID 2096 wrote to memory of 4636	2096	casino_extensions.exe	624
PID 4636 wrote to memory of 4272	4636	Casino_ext.exe	118
PID 4636 wrote to memory of 4272	4636	Casino_ext.exe	118
PID 4636 wrote to memory of 4272	4636	Casino_ext.exe	118
PID 4272 wrote to memory of 4432	4272	casino_extensions.exe	119
PID 4272 wrote to memory of 4432	4272	casino_extensions.exe	119
PID 4272 wrote to memory of 4432	4272	casino_extensions.exe	119
PID 4432 wrote to memory of 1204	4432	casino_extensions.exe	676
PID 4432 wrote to memory of 1204	4432	casino_extensions.exe	676
PID 4432 wrote to memory of 1204	4432	casino_extensions.exe	676
PID 1204 wrote to memory of 1392	1204	Casino_ext.exe	301
PID 1204 wrote to memory of 1392	1204	Casino_ext.exe	301
PID 1204 wrote to memory of 1392	1204	Casino_ext.exe	301
PID 1392 wrote to memory of 4372	1392	casino_extensions.exe	729

C:\Users\Admin\AppData\Local\Temp\f88bddf6313044145eeaf098b3b80196c172119280de056cc2a1e74935f585d3.exe
"C:\Users\Admin\AppData\Local\Temp\f88bddf6313044145eeaf098b3b80196c172119280de056cc2a1e74935f585d3.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:4776
- C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
  "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1976
- - C:\Windows\SysWOW64\casino_extensions.exe
    C:\Windows\system32\casino_extensions.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:5064
  - - C:\Windows\SysWOW64\Casino_ext.exe
      C:\Windows\SysWOW64\Casino_ext.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3776
    - - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        5⤵
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1304
      - C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2376
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2320
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:936
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1764
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        10⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2592
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:3244
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2860
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        13⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:744
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        14⤵
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3784
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe /part2
        15⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4740
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:2932
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        17⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious use of WriteProcessMemory
        
        PID:2096
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        18⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4636
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        19⤵
        Suspicious use of WriteProcessMemory
        
        PID:4272
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        20⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4432
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        21⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1204
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:1392
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        23⤵
        Executes dropped EXE
        
        PID:4372
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        24⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1148
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        25⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        26⤵
        Executes dropped EXE
        
        PID:2100
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        27⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:548
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        28⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        29⤵
        Executes dropped EXE
        
        PID:4444
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        30⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1440
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        31⤵
        Drops file in System32 directory
        
        PID:4852
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        32⤵
        Executes dropped EXE
        
        PID:4344
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        33⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2308
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        34⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        35⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:4000
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        36⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1188
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        37⤵
        Drops file in System32 directory
        
        PID:1372
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        38⤵
        Executes dropped EXE
        
        PID:3708
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        39⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2728
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        40⤵
        Drops file in System32 directory
        
        PID:3776
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        41⤵
        Executes dropped EXE
        
        PID:1940
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        42⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1512
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        43⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        44⤵
        Executes dropped EXE
        
        PID:1348
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        45⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:448
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        46⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        47⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:384
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        48⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2424
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        49⤵
        Drops file in System32 directory
        
        PID:744
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        50⤵
        Executes dropped EXE
        
        PID:3788
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        51⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3296
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        52⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        53⤵
        Executes dropped EXE
        
        PID:3408
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        54⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2704
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        55⤵
        
        PID:400
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        56⤵
        Executes dropped EXE
        
        PID:4432
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        57⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:112
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        58⤵
        Drops file in System32 directory
        
        PID:696
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        59⤵
        Executes dropped EXE
        
        PID:3476
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        60⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4544
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        61⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        62⤵
        Executes dropped EXE
        
        PID:4460
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        63⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4704
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        64⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        65⤵
        Executes dropped EXE
        
        PID:3064
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        66⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1440
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        67⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        68⤵
        Executes dropped EXE
        
        PID:4852
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        69⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1388
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        70⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        71⤵
        Executes dropped EXE
        
        PID:3564
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        72⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:2160
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        73⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        74⤵
        Executes dropped EXE
        
        PID:3724
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        75⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:368
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        76⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        77⤵
        Executes dropped EXE
        
        PID:1008
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        78⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1344
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        79⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        80⤵
        Executes dropped EXE
        
        PID:880
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        81⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3168
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        82⤵
        Drops file in System32 directory
        
        PID:2128
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        83⤵
        Executes dropped EXE
        
        PID:744
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        84⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3296
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        85⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        86⤵
        Executes dropped EXE
        
        PID:4636
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        87⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3672
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        88⤵
        
        PID:400
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        89⤵
        Executes dropped EXE
        
        PID:1392
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        90⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2888
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        91⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        92⤵
        Executes dropped EXE
        
        PID:4544
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        93⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2324
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        94⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        95⤵
        Executes dropped EXE
        
        PID:2204
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        96⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4344
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        97⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        98⤵
        Executes dropped EXE
        
        PID:3064
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        99⤵
        
        PID:3440
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        100⤵
        Drops file in System32 directory
        
        PID:1188
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        101⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        102⤵
        
        PID:936
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        103⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        104⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        105⤵
        
        PID:3760
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        106⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        107⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        108⤵
        
        PID:3220
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        109⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        110⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        111⤵
        
        PID:3900
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        112⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        113⤵
        
        PID:656
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        114⤵
        
        PID:4740
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        115⤵
        Drops file in System32 directory
        
        PID:880
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        116⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        117⤵
        
        PID:4044
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        118⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        119⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        120⤵
        Drops file in Program Files directory
        
        PID:4916
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        121⤵
        Drops file in System32 directory
        
        PID:4828
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        122⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        123⤵
        
        PID:1380
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        124⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        125⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        126⤵
        
        PID:400
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        127⤵
        Drops file in System32 directory
        
        PID:2888
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        128⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        129⤵
        
        PID:3476
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        130⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        131⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        132⤵
        
        PID:4912
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        133⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        134⤵
        Drops file in Program Files directory
        
        PID:4292
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        135⤵
        
        PID:1000
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        136⤵
        Drops file in System32 directory
        
        PID:3160
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        137⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        138⤵
        
        PID:2320
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        139⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        140⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        141⤵
        
        PID:3736
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        142⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        143⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        144⤵
        
        PID:1304
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        145⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        146⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        147⤵
        
        PID:2592
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        148⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        149⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        150⤵
        
        PID:3788
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        151⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        152⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        153⤵
        
        PID:4740
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        154⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        155⤵
        
        PID:880
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        156⤵
        
        PID:4044
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        157⤵
        
        PID:948
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        158⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        159⤵
        
        PID:112
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        160⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        161⤵
        Drops file in Program Files directory
        
        PID:2668
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        162⤵
        
        PID:4904
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        163⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        164⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        165⤵
        
        PID:4844
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        166⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        167⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        168⤵
        
        PID:3276
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        169⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        170⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        171⤵
        
        PID:1968
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        172⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        173⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        174⤵
        
        PID:3632
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        175⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        176⤵
        
        PID:936
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        177⤵
        
        PID:2728
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        178⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        179⤵
        Drops file in Program Files directory
        
        PID:1348
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        180⤵
        
        PID:4568
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        181⤵
        Drops file in System32 directory
        
        PID:384
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        182⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        183⤵
        
        PID:1492
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        184⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        185⤵
        Drops file in Program Files directory
        
        PID:1376
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        186⤵
        Drops file in Program Files directory
        
        PID:1008
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        187⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        188⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        189⤵
        Drops file in Program Files directory
        
        PID:2096
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        190⤵
        Drops file in System32 directory
        
        PID:3168
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        191⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        192⤵
        
        PID:3744
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        193⤵
        
        PID:744
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        194⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        195⤵
        Drops file in Program Files directory
        
        PID:3296
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        196⤵
        
        PID:880
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        197⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        198⤵
        
        PID:548
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        199⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        200⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        201⤵
        
        PID:2920
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        202⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        203⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        204⤵
        Drops file in Program Files directory
        
        PID:2324
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        205⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        206⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        207⤵
        
        PID:2204
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        208⤵
        
        PID:448
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        209⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        210⤵
        
        PID:1388
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        211⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        212⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        213⤵
        
        PID:3564
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        214⤵
        Drops file in System32 directory
        
        PID:3944
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        215⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        216⤵
        
        PID:4628
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        217⤵
        Drops file in System32 directory
        
        PID:4000
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        218⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        219⤵
        
        PID:4724
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        220⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        221⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        222⤵
        
        PID:320
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        223⤵
        
        PID:384
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        224⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        225⤵
        
        PID:4984
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        226⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        227⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        228⤵
        
        PID:2128
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        229⤵
        Drops file in System32 directory
        
        PID:3900
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        230⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        231⤵
        
        PID:1092
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        232⤵
        Drops file in System32 directory
        
        PID:1040
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        233⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        234⤵
        
        PID:4432
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        235⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        236⤵
        Drops file in Program Files directory
        
        PID:4608
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        237⤵
        
        PID:5068
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        238⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        239⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        240⤵
        
        PID:3672
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        241⤵
        Drops file in System32 directory
        
        PID:4460
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        242⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        243⤵
        
        PID:4808
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        244⤵
        Drops file in System32 directory
        
        PID:2888
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        245⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        246⤵
        
        PID:2156
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        247⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        248⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        249⤵
        Drops file in Program Files directory
        
        PID:4912
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        250⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        251⤵
        
        PID:448
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        252⤵
        
        PID:4292
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        253⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        254⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        255⤵
        
        PID:2716
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        256⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        257⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        258⤵
        
        PID:3944
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        259⤵
        
        PID:432
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        260⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        261⤵
        
        PID:4568
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        262⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        263⤵
        Drops file in Program Files directory
        
        PID:4724
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        264⤵
        
        PID:1492
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        265⤵
        Drops file in System32 directory
        
        PID:2040
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        266⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        267⤵
        
        PID:4468
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        268⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        269⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        270⤵
        
        PID:4440
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        271⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        272⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        273⤵
        
        PID:2480
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        274⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        275⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        276⤵
        
        PID:4916
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        277⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        278⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        279⤵
        
        PID:112
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        280⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        281⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        282⤵
        
        PID:3408
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        283⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        284⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        285⤵
        Drops file in Program Files directory
        
        PID:3428
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        286⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        287⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        288⤵
        
        PID:3528
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        289⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        290⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        291⤵
        
        PID:1388
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        292⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        293⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        294⤵
        
        PID:3564
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        295⤵
        Drops file in System32 directory
        
        PID:448
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        296⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        297⤵
        
        PID:2320
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        298⤵
        Drops file in System32 directory
        
        PID:2160
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        299⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        300⤵
        
        PID:4628
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        301⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        302⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        303⤵
        
        PID:3044
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        304⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        305⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        306⤵
        
        PID:4772
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        307⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        308⤵
        Drops file in Program Files directory
        
        PID:2592
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        309⤵
        
        PID:5000
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        310⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        311⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        312⤵
        
        PID:3244
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        313⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        314⤵
        Drops file in Program Files directory
        
        PID:1764
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        315⤵
        Drops file in Program Files directory
        
        PID:3900
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        316⤵
        Drops file in System32 directory
        
        PID:4972
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        317⤵
        Drops file in Program Files directory
        
        PID:2960
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        318⤵
        Drops file in Program Files directory
        
        PID:2480
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        319⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        320⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        321⤵
        
        PID:4916
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        322⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        323⤵
        Drops file in Program Files directory
        
        PID:3168
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        324⤵
        
        PID:2668
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        325⤵
        Drops file in System32 directory
        
        PID:548
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        326⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        327⤵
        
        PID:32
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        328⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        329⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        330⤵
        
        PID:1308
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        331⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        332⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        333⤵
        
        PID:2052
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        334⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        335⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        336⤵
        
        PID:1628
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        337⤵
        Drops file in System32 directory
        
        PID:1188
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        338⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        339⤵
        
        PID:1348
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        340⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        341⤵
        
        PID:448
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        342⤵
        
        PID:3160
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        343⤵
        Drops file in System32 directory
        
        PID:3708
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        344⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        345⤵
        
        PID:4184
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        346⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        347⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        348⤵
        
        PID:1976
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        349⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        350⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        351⤵
        
        PID:2376
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        352⤵
        Drops file in System32 directory
        
        PID:4772
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        353⤵
        
        PID:384
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        354⤵
        
        PID:2040
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        355⤵
        Drops file in System32 directory
        
        PID:1008
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        356⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        357⤵
        
        PID:4468
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        358⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        359⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        360⤵
        
        PID:3716
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        361⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        362⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        363⤵
        
        PID:4972
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        364⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        365⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        366⤵
        
        PID:3296
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        367⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        368⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        369⤵
        
        PID:3408
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        370⤵
        Drops file in System32 directory
        
        PID:3168
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        371⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        372⤵
        
        PID:2840
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        373⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        374⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        375⤵
        
        PID:2268
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        376⤵
        Drops file in System32 directory
        
        PID:3528
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        377⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        378⤵
        
        PID:2888
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        379⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        380⤵
        Drops file in Program Files directory
        
        PID:1336
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        381⤵
        
        PID:2456
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        382⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        383⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        384⤵
        
        PID:3440
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        385⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        386⤵
        
        PID:412
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        387⤵
        
        PID:1608
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        388⤵
        Drops file in System32 directory
        
        PID:3160
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        389⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        390⤵
        
        PID:1980
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        391⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        392⤵
        Drops file in Program Files directory
        
        PID:432
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        393⤵
        
        PID:1976
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        394⤵
        
        PID:320
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        395⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        396⤵
        
        PID:1376
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        397⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        398⤵
        Drops file in Program Files directory
        
        PID:2040
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        399⤵
        Drops file in Program Files directory
        
        PID:2068
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        400⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        401⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        402⤵
        
        PID:2128
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        403⤵
        Drops file in System32 directory
        
        PID:880
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        404⤵
        Drops file in Program Files directory
        
        PID:3316
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        405⤵
        
        PID:4240
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        406⤵
        
        PID:400
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        407⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        408⤵
        
        PID:2088
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        409⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        410⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        411⤵
        Drops file in Program Files directory
        
        PID:3168
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        412⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        413⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        414⤵
        
        PID:2268
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        415⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        416⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        417⤵
        
        PID:4344
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        418⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        419⤵
        
        PID:1188
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        420⤵
        
        PID:936
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        421⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        422⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        423⤵
        
        PID:3440
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        424⤵
        
        PID:412
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        425⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        426⤵
        
        PID:1848
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        427⤵
        
        PID:552
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        428⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        429⤵
        
        PID:3160
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        430⤵
        
        PID:392
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        431⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        432⤵
        
        PID:1304
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        433⤵
        
        PID:432
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        434⤵
        
        PID:112
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        435⤵
        
        PID:320
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        436⤵
        
        PID:384
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        437⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        438⤵
        
        PID:4468
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        439⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        440⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        441⤵
        
        PID:1380
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        442⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        443⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        444⤵
        Drops file in Program Files directory
        
        PID:500
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        445⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        446⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        447⤵
        
        PID:32
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        448⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        449⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        450⤵
        
        PID:1388
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        451⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        452⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        453⤵
        
        PID:4400
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        454⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        455⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        456⤵
        
        PID:3012
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        457⤵
        Drops file in System32 directory
        
        PID:4292
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        458⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        459⤵
        Drops file in Program Files directory
        
        PID:2052
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        460⤵
        Drops file in System32 directory
        
        PID:4444
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        461⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        462⤵
        
        PID:2160
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        463⤵
        Drops file in System32 directory
        
        PID:448
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        464⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        465⤵
        
        PID:224
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        466⤵
        
        PID:412
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        467⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        468⤵
        
        PID:552
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        469⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        470⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        471⤵
        
        PID:1976
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        472⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        473⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        474⤵
        
        PID:4772
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        475⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        476⤵
        Drops file in Program Files directory
        
        PID:1376
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        477⤵
        
        PID:384
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        478⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        479⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        480⤵
        
        PID:2040
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        481⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        482⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        483⤵
        
        PID:1652
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        484⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        485⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        486⤵
        
        PID:1440
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        487⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        488⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        489⤵
        
        PID:4372
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        490⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        491⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        492⤵
        
        PID:2596
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        493⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        494⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        495⤵
        
        PID:3168
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        496⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        497⤵
        
        PID:4544
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        498⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        499⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        500⤵
        
        PID:4400
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        501⤵
        Drops file in System32 directory
        
        PID:3992
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        502⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        503⤵
        Drops file in Program Files directory
        
        PID:2240
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        504⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        505⤵
        Drops file in Program Files directory
        
        PID:4628
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        506⤵
        
        PID:2052
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        507⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        508⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        509⤵
        
        PID:2160
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        510⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        511⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        512⤵
        
        PID:2728
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        513⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        514⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        515⤵
        
        PID:4184
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        516⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        517⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        518⤵
        
        PID:1304
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        519⤵
        Drops file in System32 directory
        
        PID:3264
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        520⤵
        
        PID:432
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        521⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        522⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        523⤵
        
        PID:4636
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        524⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        525⤵
        Drops file in Program Files directory
        
        PID:1380
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        526⤵
        
        PID:4904
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        527⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        528⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        529⤵
        
        PID:1572
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        530⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        531⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        532⤵
        Drops file in Program Files directory
        
        PID:5116
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        533⤵
        Drops file in System32 directory
        
        PID:2480
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        534⤵
        Drops file in Program Files directory
        
        PID:1440
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        535⤵
        
        PID:4632
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        536⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        537⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        538⤵
        
        PID:2704
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        539⤵
        Drops file in System32 directory
        
        PID:4548
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        540⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        541⤵
        Drops file in Program Files directory
        
        PID:4804
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        542⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        543⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        544⤵
        
        PID:3528
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        545⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        546⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        547⤵
        
        PID:4400
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        548⤵
        Drops file in System32 directory
        
        PID:1628
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        549⤵
        Drops file in Program Files directory
        
        PID:936
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        550⤵
        
        PID:2240
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        551⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        552⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        553⤵
        Drops file in Program Files directory
        
        PID:4628
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        554⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        555⤵
        
        PID:224
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        556⤵
        
        PID:4444
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        557⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        558⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        559⤵
        Drops file in Program Files directory
        
        PID:4724
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        560⤵
        Drops file in System32 directory
        
        PID:4132
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        561⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        562⤵
        Drops file in Program Files directory
        
        PID:1976
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        563⤵
        Drops file in System32 directory
        
        PID:3424
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        564⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        565⤵
        
        PID:3744
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        566⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        567⤵
        
        PID:432
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        568⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        569⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        570⤵
        
        PID:2128
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        571⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        572⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        573⤵
        
        PID:4916
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        574⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        575⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        576⤵
        
        PID:4684
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        577⤵
        Drops file in System32 directory
        
        PID:1084
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        578⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        579⤵
        
        PID:2172
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        580⤵
        Drops file in System32 directory
        
        PID:4372
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        581⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        582⤵
        
        PID:1536
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        583⤵
        
        PID:948
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        584⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        585⤵
        
        PID:4452
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        586⤵
        Drops file in System32 directory
        
        PID:1968
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        587⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        588⤵
        
        PID:3464
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        589⤵
        Drops file in System32 directory
        
        PID:4344
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        590⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        591⤵
        
        PID:3776
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        592⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        593⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        594⤵
        
        PID:3784
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        595⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        596⤵
        
        PID:936
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        597⤵
        
        PID:1580
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        598⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        599⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        600⤵
        
        PID:4628
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        601⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        602⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        603⤵
        
        PID:224
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        604⤵
        Drops file in System32 directory
        
        PID:4184
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        605⤵
        
        PID:548
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        606⤵
        
        PID:4724
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        607⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        608⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        609⤵
        
        PID:1976
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        610⤵
        
        PID:880
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        611⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        612⤵
        
        PID:2676
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        613⤵
        
        PID:384
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        614⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        615⤵
        
        PID:3536
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        616⤵
        Drops file in System32 directory
        
        PID:500
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        617⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        618⤵
        
        PID:1652
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        619⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        620⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        621⤵
        Drops file in Program Files directory
        
        PID:3800
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        622⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        623⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        624⤵
        
        PID:5116
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        625⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        626⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        627⤵
        
        PID:4632
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        628⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        629⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        630⤵
        
        PID:2932
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        631⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        632⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        633⤵
        
        PID:4852
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        634⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        635⤵
        Drops file in Program Files directory
        
        PID:368
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        636⤵
        Drops file in Program Files directory
        
        PID:2268
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        637⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        638⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        639⤵
        
        PID:1188
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        640⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        641⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        642⤵
        
        PID:3692
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        643⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        644⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        645⤵
        Drops file in Program Files directory
        
        PID:3096
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        646⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        647⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        648⤵
        
        PID:2992
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        649⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        650⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        651⤵
        
        PID:4000
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        652⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        653⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        654⤵
        
        PID:4184
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        655⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        656⤵
        Drops file in Program Files directory
        
        PID:3232
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        657⤵
        
        PID:3736
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        658⤵
        Drops file in System32 directory
        
        PID:3264
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        659⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        660⤵
        Drops file in Program Files directory
        
        PID:880
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        661⤵
        Drops file in System32 directory
        
        PID:1304
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        662⤵
        
        PID:432
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        663⤵
        
        PID:1464
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        664⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        665⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        666⤵
        
        PID:1764
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        667⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        668⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        669⤵
        
        PID:1844
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        670⤵
        Drops file in System32 directory
        
        PID:3252
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        671⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        672⤵
        
        PID:2420
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        673⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        674⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        675⤵
        
        PID:3476
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        676⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        677⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        678⤵
        
        PID:948
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        679⤵
        Drops file in System32 directory
        
        PID:4452
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        680⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        681⤵
        
        PID:3940
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        682⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        683⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        684⤵
        
        PID:1372
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        685⤵
        Drops file in System32 directory
        
        PID:368
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        686⤵
        Drops file in Program Files directory
        
        PID:3944
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        687⤵
        Drops file in Program Files directory
        
        PID:3168
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        688⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        689⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        690⤵
        
        PID:2472
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        691⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        692⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        693⤵
        
        PID:4484
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        694⤵
        
        PID:448
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        695⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        696⤵
        
        PID:2320
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        697⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        698⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        699⤵
        
        PID:552
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        700⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        701⤵
        Drops file in Program Files directory
        
        PID:2728
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        702⤵
        
        PID:5000
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        703⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        704⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        705⤵
        
        PID:4704
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        706⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        707⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        708⤵
        
        PID:4460
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        709⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        710⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        711⤵
        
        PID:2960
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        712⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        713⤵
        
        PID:384
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        714⤵
        
        PID:2716
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        715⤵
        Drops file in System32 directory
        
        PID:1572
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        716⤵
        Drops file in Program Files directory
        
        PID:4904
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        717⤵
        
        PID:1780
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        718⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        719⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        720⤵
        
        PID:1844
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        721⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        722⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        723⤵
        
        PID:4572
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        724⤵
        Drops file in System32 directory
        
        PID:1084
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        725⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        726⤵
        
        PID:2704
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        727⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        728⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        729⤵
        
        PID:2920
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        730⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        731⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        732⤵
        
        PID:3012
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        733⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        734⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        735⤵
        
        PID:368
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        736⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        737⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        738⤵
        
        PID:1348
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        739⤵
        Drops file in System32 directory
        
        PID:4344
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        740⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        741⤵
        
        PID:2240
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        742⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        743⤵
        
        PID:456
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        744⤵
        
        PID:448
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        745⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        746⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        747⤵
        
        PID:1760
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        748⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        749⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        750⤵
        
        PID:4492
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        751⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        752⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        753⤵
        
        PID:744
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        754⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        755⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        756⤵
        
        PID:1344
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        757⤵
        Drops file in System32 directory
        
        PID:3460
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        758⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        759⤵
        
        PID:4532
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        760⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        761⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        762⤵
        
        PID:2204
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        763⤵
        Drops file in System32 directory
        
        PID:384
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        764⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        765⤵
        
        PID:3184
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        766⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        767⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        768⤵
        Drops file in Program Files directory
        
        PID:4780
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        769⤵
        Drops file in System32 directory
        
        PID:2172
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        770⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        771⤵
        
        PID:1844
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        772⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        773⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        774⤵
        
        PID:4572
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        775⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        776⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        777⤵
        
        PID:2088
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        778⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        779⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        780⤵
        
        PID:1512
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        781⤵
        
        PID:1188
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        782⤵
        Drops file in Program Files directory
        
        PID:3760
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        783⤵
        
        PID:3524
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        784⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        785⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        786⤵
        
        PID:4060
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        787⤵
        
        PID:412
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        788⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        789⤵
        
        PID:1980
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        790⤵
        
        PID:656
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        791⤵
        
        PID:392
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        792⤵
        Drops file in Program Files directory
        
        PID:4604
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        793⤵
        Drops file in System32 directory
        
        PID:2852
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        794⤵
        Drops file in Program Files directory
        
        PID:1760
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        795⤵
        
        PID:4184
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        796⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        797⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        798⤵
        
        PID:3744
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        799⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        800⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        801⤵
        
        PID:4664
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        802⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        803⤵
        Drops file in Program Files directory
        
        PID:3244
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        804⤵
        
        PID:4440
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        805⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        806⤵
        
        PID:432
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        807⤵
        
        PID:1764
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        808⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        809⤵
        Drops file in Program Files directory
        
        PID:1464
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        810⤵
        
        PID:4712
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        811⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        812⤵
        
        PID:384
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        813⤵
        
        PID:1308
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        814⤵
        Drops file in System32 directory
        
        PID:3316
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        815⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        816⤵
        
        PID:4240
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        817⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        818⤵
        Drops file in Program Files directory
        
        PID:1336
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        819⤵
        
        PID:2888
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        820⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        821⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        822⤵
        
        PID:3064
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        823⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        824⤵
        Drops file in Program Files directory
        
        PID:3692
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        825⤵
        
        PID:2472
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        826⤵
        Drops file in System32 directory
        
        PID:3784
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        827⤵
        
        PID:772
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        828⤵
        
        PID:3440
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        829⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        830⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        831⤵
        
        PID:3004
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        832⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        833⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        834⤵
        
        PID:4628
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        835⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        836⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        837⤵
        
        PID:4604
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        838⤵
        
        PID:112
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        839⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        840⤵
        
        PID:1940
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        841⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        842⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        843⤵
        
        PID:4636
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        844⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        845⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        846⤵
        
        PID:2424
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        847⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        848⤵
        Drops file in Program Files directory
        
        PID:5048
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        849⤵
        
        PID:2028
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        850⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        851⤵
        
        PID:1572
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        852⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        853⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        854⤵
        
        PID:384
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        855⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c $$2028~1.BAT
        856⤵
        
        PID:1844
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        857⤵
        
        PID:2324

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:4740

C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe 1a391cb941affcc54af98641e57f8af3 LQzDFpYn1EiUOsDOJh72Nw.0.1.0.0.0
1⤵
PID:2704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4032 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:3940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
PID:1968

C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
1⤵
PID:4912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:3044

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:3784

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:2532

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Casino_ext.exe

Filesize
65KB

MD5
fb9584fd7e7e5aa3746492624da9e7ef

SHA1
3933224e5d24d70f4185588af27cf4904dfd6ece

SHA256
25edcdab1fb002fc7502b706083b82c8631cbd5b811c07add12d578ffa7790b7

SHA512
f4eda6b27a3c24ee6a61efe79aecb6d80060114943fe93cc588beb9b3b94112f1447d7459667df10b7c2a03af2b9bbd42c032fe0a8315ad2db42590ac92a3a97

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
47KB

MD5
d619ad0791bde3628d4029ab03adf191

SHA1
ca8f36fca30d64f97893e7c888f64084180c3a2c

SHA256
47dce63e4c3b8e04fca998745bb8ac717b55a0c131def4d61caed0939e0f72b7

SHA512
ff72d42f1df552b7fdb1130221ff979e47b77a02e2e7a966d0c5d9b92242ede111c22bc768fe866867ab04cbd06fcf53a13c4ce316f41aaad4cf801090ee4b64

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
54KB

MD5
c95d7a171e8137be27675a33771b779d

SHA1
e7c8eb91d7e1b3284d15bd3364aa56ca48c7908e

SHA256
9e919caedcfb4a029f6b334219e870c1db803e4fb625e5dcf21befe338a5a0a2

SHA512
f998e9dab9a1e7ace9737a1d9e11b6ed54318541620cd4e50e77c4c873a6a2d66cfb9d87516ff8e0f47eb20038513f864cb3af9a857832032089ec4fd6493dc8

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
214KB

MD5
0d4167c82fd60cfe82f6389e20787711

SHA1
bdd7ba75b6b91f37e0bced8391d3b917676f7770

SHA256
ff7f40e6177daaec45cb7b247b8426452615c5b83101dac147c22bc930fd8e09

SHA512
ac0231b5a1686f1cda8820177c67a5c25c72778ff86ef85e906f3181ef21e2e0639986238fa0e663d845fb100c227ab347d51ce67c19ee3e9a55fe9e5bd25e48

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
153KB

MD5
8069e576eaec85eee0d33902ed48a402

SHA1
8c507af02b974e29fa857b56c5e03728e965ba9d

SHA256
0f36792663f553f49bff476de89052687d581f5fa801105e82243627f613b4cd

SHA512
9726943172b4317d0b7ea147f65cf74e70b6e320612a0a9c9015ff4941edbc432a5131242134a973cf763d74cd8c300433ab9abcb3df80eb961a6a57aae484a3

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
141KB

MD5
156e5ec05b652ba49c245a4cb57b4474

SHA1
81e2743ec0c2cdacde37d1b107c11d1ad6b7ae41

SHA256
f8d2778c77f7f2b0b20571915fafe911414eabb25dbdb663f3be2a6fef7e942f

SHA512
c6d45f4786e7b77e6b79e63a3ade21bf3909b53e5243cb38ec18fce2780170e0e05b8269f2a25d2d99f95a087c23cff1f7e1eecbc10bd60c8c5edafb002272c4

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
64KB

MD5
78c692390522933e5394242824cc65ec

SHA1
078752ca142064c4e4715d4fa26c0b23c6c1abc9

SHA256
109a1aed90487da096db1031df5a9e2519c71f7ee8e5c7d90bdbc0120f061e82

SHA512
1761fe56ae16b7dffa19459cd4b08a4d0de062d365d4a4775ce3571557878b5cd4ebc204a0475fe82c1a730bb9ad7a3442db9d58127852c5b15fee24fc0b8a65

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
42KB

MD5
1a8123206371369ff30b9536493b10da

SHA1
e6f8c3d8f5d22c095b70384d7815a6e9174bbc61

SHA256
4f6f0bac36e835571782e6513d4538a9877b3a91813f75bcbb76176824b6a2e4

SHA512
91a81b6aa8184fea6e99f6c8f5715cc6e3253c022e53ed964512528e9c44c6250df4ac31130d579a3f4b8675b9f49af75af7fd9f8ee3c7ce3fec0ab72884e168

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
97KB

MD5
882872112550935a25af9a0ca67ef129

SHA1
66f99acc9a5e85fdc843daac3dd266ca2bad8818

SHA256
341e1261b70ec5e50aa179b0e3395c769b5df75933d507f59a1418f0185f6d2b

SHA512
4e3d23ae1a1b87c24bef4bab725d468e9c91791b7b7f5ce6bd61efbb8e8bd54537ee11e2f300b05769e620ce5ad0a36c3209cf5045d38dbf8a56b522cc4bf0f7

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
32KB

MD5
7dc1faa17d0240547c44f7cc4a9000d5

SHA1
8303456b2c8a4c5bf52fc097a9ce1415af5f67a7

SHA256
b2a7d9c72721a96f9cfa28fa618e3ebd54b236d9bff07fcc2c4544b7e7c927b8

SHA512
79a3a2bfb87fdf00a7bf0181fdd57468306fff4f0201eb1534ec093e3f3edea5a2403f07275ce5731a5908241d7fd3790abc91ddd38d03d938c2852bebbe1a10

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
16KB

MD5
29d52ca7fb7796b325e3b8bb3295dac6

SHA1
3a088f3cbefc37c27bfe8595fc523878af8ec627

SHA256
155e680f81118600893d6064d254e1e4187541a3db37c60a0225325b71bce61e

SHA512
d153d4f95645fef41c1dd6cc95c1fdba76dbdc535bbf06d29971349acb778012d4af4618e68b70192000be42cac6e197f51bdd3b039b47c4b972f8781cd3dabb

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
20KB

MD5
1c35c1984bbd2d62c442a645d90beeff

SHA1
ca8e2c008bb75184efe38a53c848e2af4c8f8ad9

SHA256
06cbc870b06021af8b454c93aff8618749b37e65c2335508347fa3dbff3d6a48

SHA512
f6e336a58763115168ebc3cdf649d5abe1cb31a8b715215f46b7d78f21911c9a282cb9e0d464eebce37add93262e00ec0e7ce4807018fe5ecf83f02b407830ce

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
35KB

MD5
e2c443969ec6669a22055404cb67a25b

SHA1
edcb99311a22397d1870cba6708ec7640ec4ca1c

SHA256
39278a7876b067c5b8244d7ecf1ce68f31946669168379a2df78acf534725379

SHA512
9d7e68c7123cb938d6c606fa198d2302d47a1b7ea4ca5a9c40e0e7258f7fc818c5cdd1969ce2cbdb7eba8940b89268cdfeb18e7fee7063f231bd3ed2f0c1cf2c

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
8KB

MD5
bdb43b82cbb92ce44cf929dc64163fde

SHA1
a217acdee2ec0e9e64abf0796a494417b29553ab

SHA256
6e1f5fe94e6c11e642edcb7e40a3e43fc30637ec052dbc2bdafc1758b46f49c0

SHA512
115d29f149f15555630f058b7735f5976c3f029b84031810c7d5e140f20a618103282f5d7abebc164f1310dd8cd937e772a7df378cef59bea692740dc6e2e0dd

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
100KB

MD5
3eded6242c037e04abef20756051849b

SHA1
1577636ac57276cb93fe17adc35eed9ab132894d

SHA256
0b5c6d2c143694d866ed82a84d52e49608b5b14919f71aa82ad03daf8e66504b

SHA512
7d19e29e7f0564d310029bd83f0fb060ef8417a3c03bd1d35e0c7525504ca6530bd5642ba1111df9cb8eec2f7c0ed6a3306ab5d80542fd50ec508f2382b559e5

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
252KB

MD5
13ed18a9d9a0b3d9e5a68c72628991d3

SHA1
54a88c94576333c2da6554834443f4e0737f5450

SHA256
ce47323ecf961ec0a07f7c32eb729c09679a6971aa6e40883828a11ebb0600f0

SHA512
7e67101385ed0996d72946cd3fe9815c19bbf10f25e8f1b97465d5cef2ff343c2e0178f2919737a1993b326dbd16110a6219f076b8ff80eabdd169855c6fa103

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
153KB

MD5
517f21000a4863ea8330d4c96da305bb

SHA1
1f4ab8ca8ea7aa48be3cc680f39ad3fa1acd84d5

SHA256
55f24d315026566a6d72671e780f967fd7bc5c851052b45a49f8a44e7630db5c

SHA512
6c718a3809e49fa613f3c3c53073401c5ad3b39267a34d05d154c4e6477262613dc37ecd0675b42fb2d86b86ae5b472af4628fe7e86c79498e531fce7111e4e8

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
411KB

MD5
5dd9816d11c90c63c6dab619cf69db26

SHA1
c2118d91e248238a9ece5fe82fdf95324fa96c56

SHA256
5ece43fd240aaf61f8f6c8fef4de439f72aa09296a018a16d1750e85c5de9130

SHA512
5aa3e0f7215d1482bf2c7ce95a464c27b2265411a553dd643b21ef130b5fddbfcde56c01703ba70ea772c8949a5315083a8d76bd679939fc96d3b491dac146f5

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
95KB

MD5
427cd55fa339567b2c580c4a6973f749

SHA1
b9e1b88ecfa1f8b7c72533fe5e66a38e4621f39a

SHA256
5d39ea68ba7930ef410032f6ca8d17ff8786761334b43695a002ca1c30c65ac5

SHA512
c15ad5ae6c2013e729487b4d5ed4830d783e212054639a945798fe24647ff084d0933d343a92b7988dd6694127a67a01464e734f23e5fc70601b395bdc060c3c

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
171KB

MD5
19f94de1f272ef235e6197ab6eadea01

SHA1
b08650f5d723a2666282cd7e72484021b836b0d9

SHA256
9fa879d7691a4b361f5156ecc10cd94ec6cb3b72af1939b0e9bac774d61dc98d

SHA512
418e711afc3bcd0dfec480543be2ec0eddb67578abc8ea15f995ba6ce850e92b1373fd47df92c493617e5e8479165d2d85792d59ad1dee10997ee7af510cb512

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
120KB

MD5
e6634607f64496fd36f13b5ea67d41af

SHA1
2af65c1929935f07528252602386e17572994c4e

SHA256
b39a4773077834cd48eb330351bb5f36740d12c763173f3a09c475fb0e1946fc

SHA512
f0d641fe8c6196f72818298f509d803566df6064d33353e799af41fa13a3a77e9e83e3b7a32de7d2efbcfe91cbab33b7f9f37e12fc47a36beef5729a41e88e57

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
75KB

MD5
e872bf173db0423bb4d53d95e78d8f54

SHA1
3181d2355973bec51a7c92cc3091bb1ef01babd7

SHA256
76d6503b488f1ee9e9ba1bc6937b51f782745ec0039457307def2cb6e352d7ff

SHA512
300d9afa0c778e705d6088fc60c27a53e316bffbefdee9dc0946ce5f75eabc45fb561b517efb35dc1488149de9312832dc45c909fdd93acb0dfe7c09dc6dae76

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
19KB

MD5
1618439d7a8ca636709ca7459a43e7cb

SHA1
7ac0786692fdcfeeec331a5b8623399bfe891cbe

SHA256
7172e82585b05ebd81e459cf75ab34ba60a127033364f4ab01e765a8864ec7b3

SHA512
bad1d173b42b7cbcc4c2c471b16f67b7bfa20da8b6c559b53dea904995aab59c87c137e25890c2323a84e2876c52a7ccafb6e132bba7365bd4b0144ffa39375d

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
103KB

MD5
40fd4dfea9d048f07c49279061fe521e

SHA1
2c104ba8f334367fd63e0f8f2d2a807abe48edf5

SHA256
d238fa97b8388422a4e51d870acf0815701f265d87cfb5482655c5d6fe4dd5fe

SHA512
6144c08dde7c7c754e774b6e5b8ae6479dccb0bde8ca39928e4f19a909bc1880753e8600dc3ec4e22a34bf2db35d2efcf6b8668ee5aea882f60af181184b5aae

Download Submit
C:\Windows\SysWOW64\LiveMessageCenter.exe

Filesize
401KB

MD5
b4eccf7dd80f769c2d353e6aa96cf090

SHA1
68a5b91b362544168300223ae2701264cdc68872

SHA256
3efe35f91ab8ebe0a1f3d684b90f787eb7a7c069763d221ba1ea5ce0f88e2a17

SHA512
075c12dc32b26485d27b3959dcd8817d00dc7044287e01f7f5702ea43bb1e5c86e1b257a2fef8014dbc344e793f17315f2a9d9c80b612bce76a9fcefd00951d0

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
180KB

MD5
9fb607933dd2dcc35722ef1cb4acd0e7

SHA1
8646fd0b4e90f9ee633f4d58ef32b6834ec0797c

SHA256
e9f3d6c0eee7cc3a1769573911e412fa16afced7d2b0341148e21c2c819b685e

SHA512
4ed438ac8376a8cb9946ad56c0d933903258fc6cb0ca3540eea9c8614ea56aa2290f8aa7a263b18e791e15a57b5cb1f8f3273335fbf4482c09365bd9b9f30c5f

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
247KB

MD5
226b7416f79bea97b4ce6c1400d7df44

SHA1
2b2d493cf3ea7708cef5ce60c12ce346fcbf4b5b

SHA256
6fe287223eab1d787a1e7a9db041deffebb805c385575099064bb6293e4936be

SHA512
182aee4762e1dcb692d917c26965e68a8c287e79d76ff34c4d05d89d3d971b1a12b77cba8b5f41f4d50a39ec7ff557012867b015340fff73852c47c333b154ed

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
195KB

MD5
fae3d1bee85d8ed12b293e3eb5fffbcc

SHA1
ac7d49d950a7409788ef5596af96440ade796e0a

SHA256
023887c53daae068ba0cc7f6cb622bba5276405c40ff58c4ba9f9ac8e19391bd

SHA512
d377afdd02e9de5c59c86239649811b4ce2ab9d33b305a53f25eb31181c3e8bfe4965c5ce77b3d03e822f35d72b18c99d8702de30d33187ecb2223d0a0e0c3ef

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
34KB

MD5
95220e09a20cf20db29de2f3fb176629

SHA1
afe62436f41bf89b4b2d7a4d28415c848bb285b0

SHA256
f15aab3315659e44c6023a3adcce6565e42f216154faf5d14ff5be79a6eadb25

SHA512
75edcb0c66ad06f74eca1e30f97907dd434821474ccd4eedb49179761cd3889bd8d8de3846f303a7a79d8fe86e9c893c889f10f1e099dd7451975b02ec353d8e

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
64KB

MD5
305a0247e437445de1a01392fcc5b0ae

SHA1
3856c8d4a750a94fe6f565ae51c5686db41ae1e0

SHA256
19835a6d0eafcffbc08907b68db7ad805b5cb7c080f14d38c8a6fa7130476414

SHA512
36516aa276a90e4c2fdd6a23074d808530f89d4d9b36b015961caf5e2dede9024682447d373c647614201635c0ae882e8158919ea3d94bcef5e5f52950f4213d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
102KB

MD5
a5b4377550321463375b111657bf18f5

SHA1
e0bb23fae6b9ab65da39b69cb2d21370d11be711

SHA256
cc95cafc23a8e25d08df2c48d9c38598d25e1a7db450bceb1a9b7bd48cc0cac4

SHA512
3f77788bc463466ac7e66c274fc37208e9356419a769da570c2a469b0016a24525b5b0169540f75b9275b841608149fd60f691bb138a401941199150f3965310

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
106KB

MD5
e1670196b4b6bc32bd8c3276ae3b9d62

SHA1
80eb16d84847260678bba44bb45da68448d19a95

SHA256
30185fe9bf315c7c4eb2de5cb264f992033309d7ea7037b8fe5dc6c1934cc919

SHA512
9a03389238524abbc8afbf6a6449b4dd8cb642f155f6237dbe65f23a2e61fc587c09c47bbc08bbf3f1fcc0b2f7a5bb750eb789252eb4e92b5405607a0f30590d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
55KB

MD5
559ffe4164de5822573e2af481f070c0

SHA1
46b5565acfea5bd520aac9e18a4eb7093632d3e0

SHA256
3ad927cb24435d315794e57f5d1458a05867594519048fca4209c226aa9abfe9

SHA512
bec01261e81ac627dda1b485f205918a0c844fd9fdee44ca91e9a4d2e2b56bc9376201563c26b3afa68cbb578559a661ca347e58ea4d744588b749805483a68a

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
56KB

MD5
385a1ac30d6dff4145fb77d00385dd9c

SHA1
85e06c32e977f692f66c342ad0f07734269afd0c

SHA256
701af15f62a6da8b555c4c2a92e92d13de2206fa7effc4a3a3064679f0abf552

SHA512
1b568e753ca6024ce65acb14c6f2b3d992d77cff7ed99846df79e5af1a156fc3a172b864d75d16deb1643ac31daf78565833c718422d4671f8ebc1a052477c97

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
10KB

MD5
9a14422263b6ccf39394964dc2481262

SHA1
0f6c66acf012cdf260e29d3f56b13d2eb25a2aad

SHA256
bdf886d39261de339bcbe9541608f49eca209ee337711c67c1eed26afd56b13c

SHA512
92815739131811cb2b968324db1ed9ecf975e65b20b5c79663f148a1444e119a16ca1179c323f859fd87d5e21b6a5224c537ab8fbe7d0a35a80550274c47379a

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
43KB

MD5
d2394c6ba5cb9011f7594082ce503356

SHA1
6d84a481400045fc81c9c6c8ba35f10e389424f5

SHA256
56bb20f5d88dca91d40bcc4cba68340861fc3bc932e48a94ff6fafe6acee9588

SHA512
298f50100d522db41068bae6c4e4964dabe9bb26071c302f88442bef1f5c77631054d6a944b1170ac93cd6271a735bc0c92c63dc34a528e1c1beb219650d6813

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
22KB

MD5
63222e91c3bbc639f56791deee2b27ad

SHA1
58e955a209d22c49eaa777067dfeba065693eb1d

SHA256
d741a26dd28f6fd563e772b91e3ec179f204a558a792563b096756bce629a92d

SHA512
5830bf8b7cb59f058b906a8cd6100eeb14e21e400df443a46520cf437c3a8551c51c9e8e42f8a202240c8e6c6a58fcc9271cc3d15ec950b87833c8bf94b42d58

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
178KB

MD5
0507d71a553af3b26cb705d5f9ce400b

SHA1
5d08c09bb4e28245f79f21c5cb9b542c71f82b94

SHA256
96836b86830d339db24de34c9f99e55b6af92f1d4f364cab4bf11574091de63c

SHA512
4786d2d5b657ebd2f2a04398dc36aeed2e37ca0c818a32d395407aecf9d5bf658476fcb9fc6886f74d81091e100998f36f80cd0e6b933636e5c41d49a7fc89b1

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
109KB

MD5
b7fe39181f768a109df7b2c8149589f8

SHA1
5c9a7b4106ca19f6b0c1d77d87413e61384b2a7f

SHA256
2481ca78d9e3eea477caf36c765ca3ca557215dd7818a6dac452fa11664c0d75

SHA512
2be77734ffed70db9c8e8c157eb7726c6091eddf57d99701a20c429668d495c06dcc75767d69c89bc74eb17bcf95f239f211db5d84709458fa98e264d42d78bb

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
126KB

MD5
f9445a220928d41372044e7a30c7a27d

SHA1
8e4357f766c9424d2506a2dc8d3ea0b5a4317ac3

SHA256
36de9d6e33ba96a045678ffa3025431a48468125391b72cc50aed6c40bcb218e

SHA512
7b43ba0c428ee6924a3f616195e10159f4b43982537ae392a6d6c41f226cc247610c91d355fb6f531ff4671c685870cf11c2cefe3f8b28b28e556f8a5c03cd8b

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
221KB

MD5
733588961734c427c31dd76a4653de40

SHA1
b1b8a0485558fd9e7b9ec91964f4b01e7c3a9ee4

SHA256
739ae13bb2392af713ec3df084d28e7113f352dd56e4dec3436f16bc20b6e985

SHA512
3531074cf9941adf01eccf3af882eb072306fb00900ab5fc77a39e9c1571b405b49859b7c5f12d6731b592ab1cad7e0e0536d03c723a784894c5f195fef1f72a

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
60KB

MD5
c5610ac51a54bdf76337fd6cbb87a0f9

SHA1
4f87c5576a7c65f8837e89bdea3ad566a57b3f30

SHA256
e75cbe2ebecb247ace201fcf322d2ee1f56a21aa661b556dc99cae588cd1e8ad

SHA512
3c4ce9bf08f16bf04bfc3c415690c1d8dc97bfa7c3d40159914a539e6e47a6a1f2dfbd07d86b342905e5e6a01ec41eb9ec74ea17e1bf919c6080d6f7cb958a97

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
122KB

MD5
0d34e7dd7acef9a215a4353a35c18c29

SHA1
57b684b6f0b3664e6759050d616a22eda5047cae

SHA256
31557f5c9e87e7ce081cfa79b01639fb6387b5a0684632fd19d4fad6dd991bd2

SHA512
b3a518584f2927bd63edd7f4950d82f2ca744a41300a405031a220d9f34854f6141618cce5a242ddc7d9f1e1f46c565df2defb45b0507d04430d3b93a4accc47

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
85KB

MD5
25d1d20adce3492bcc1c0daa2e1cfcf5

SHA1
d7940cda16fa5de6ebbfee30597a54ad100eae2e

SHA256
2f2feb8e44f71d623237d169dd5a4486fdbc3b63fc97c92d989058b8e37a6098

SHA512
d40578403441946d399b3f7508df220b754dd212b87dd855932f8f028c9a94f5ec6fadad76c00355e1d2451bc4dae40b84686d06ef6223aae38a83c618c902b1

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
94KB

MD5
b233ddd9ee53c784fa4db69cf15379f3

SHA1
3a1ff63edc5ab4173a1411b01860dc88c3c20b89

SHA256
b9c5a4010b52e0944ca1566c9d00449666e7cdabb931a3b7455d367015c8be25

SHA512
01407d85cf0c00b4b9f1ece98552c1b6d3e25b91ff9f54d42e1fae1deb28f1711964a3b1cc43c6315bb27fde4e88f38c928ee6ffcfeeabb937cf4dfbcc1d8ed1

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
414KB

MD5
3696acf39fb7a1714535433a445a74c3

SHA1
0f4b97f86893301182982f9c6c0f105a66fae642

SHA256
cac81bbb023269aa93cbe4694fa3de30cd6a2322e325e5b87e547eb6bc4c9d8e

SHA512
096e17e340ae91f5f4fbf13989c532f48cd39cb50a256cdbba471bb8eb65de4478e5fb363f7571280931adb3a8855e15e6611811c6f47ffdc11f0ea3a3153e6c

Download Submit