Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
13/05/2024, 17:07
General
-
Target
bf1a01683158943d42226c41051e08a0_NeikiAnalytics.exe
-
Size
794KB
-
MD5
bf1a01683158943d42226c41051e08a0
-
SHA1
2800f728cec33be833fbb8762bff4323d28661cf
-
SHA256
2f707b2e3a4a55233830597e4fc872902b9fed4e671ea05878c1ec0c8965c2a7
-
SHA512
c56662b4b298f1018026c09bc002cea7a958560cdc551857415ceec322b728f63f2d71f4ede6f28b08c0e308d4aabf42cb3568e8bc8adadd9dff85feb4528b61
-
SSDEEP
3072:LtwizQTj8CSUYf8W3nSjen++Bj88OZS0/Qe2HdOylqwMykw+imi5wxx4Vao2i1d3:Buj8NDF3OR9/Qe2HdJ8pS4ofWdii6
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bf1a01683158943d42226c41051e08a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\bf1a01683158943d42226c41051e08a0_NeikiAnalytics.exe"1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"2⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"5⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"8⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe9⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe10⤵
- Deletes itself
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe13⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"14⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"17⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"20⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe21⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"23⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe24⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"25⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LiveMessageCenter.exeC:\Windows\system32\LiveMessageCenter.exe /part226⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"27⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe29⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"30⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe31⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe32⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"33⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe34⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"35⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LiveMessageCenter.exeC:\Windows\system32\LiveMessageCenter.exe36⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"37⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe39⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"40⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe42⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"43⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe44⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe45⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"46⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe48⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"49⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe51⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"52⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe53⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe54⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"55⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe56⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe57⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"58⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe60⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"61⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe63⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"64⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe66⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"67⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe68⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe69⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"70⤵
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe71⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe72⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"73⤵
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe74⤵
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe75⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"76⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe77⤵
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe78⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"79⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe80⤵
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe81⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"82⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe83⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe84⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"85⤵
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe86⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe87⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"88⤵
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe89⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe90⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"91⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe92⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe93⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"94⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe95⤵
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe96⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"97⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe98⤵
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe99⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"100⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe101⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe102⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"103⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe104⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe105⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"106⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe107⤵
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe108⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"109⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe110⤵
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe111⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"112⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe113⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe114⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"115⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe116⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe117⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"118⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe119⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe120⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"121⤵
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-