14673cbca3c112dcd386f80b14c3be4ca4541d813f7355b694dd55bd7c47aa1c

General

Target

14673cbca3c112dcd386f80b14c3be4ca4541d813f7355b694dd55bd7c47aa1c.exe
Size

750KB
MD5

027a195b1c266c2e4dc520804b6c6870
SHA1

781bd6086299fc91fa2b7eede5f88534e7bece64
SHA256

14673cbca3c112dcd386f80b14c3be4ca4541d813f7355b694dd55bd7c47aa1c
SHA512

c40d520f32aa7deceb0ebe584585b6cd453bdee3c912805671c556dd70e924cf288ccc2e36acf7284b427a147a3e63a00e7f34468c8b3b221091445dd0d737b3
SSDEEP

3072:StwizQTj8CSUYf8W3nSjen++Bj88OZS0/Qe2HdOLlqw1aQuoYKN6LS12isV/f:muj8NDF3OR9/Qe2HdklruoYk6LWc/f

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

casino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.exeLiveMessageCenter.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.exeLiveMessageCenter.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.exeLiveMessageCenter.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.exeLiveMessageCenter.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.exeLiveMessageCenter.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.exeLiveMessageCenter.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.exe

pid	process
2772	casino_extensions.exe
4012	Casino_ext.exe
3672	casino_extensions.exe
1248	Casino_ext.exe
4208	casino_extensions.exe
1476	Casino_ext.exe
2428	LiveMessageCenter.exe
3348	casino_extensions.exe
404	Casino_ext.exe
3728	casino_extensions.exe
880	Casino_ext.exe
3356	LiveMessageCenter.exe
1880	casino_extensions.exe
4548	Casino_ext.exe
4556	casino_extensions.exe
1868	Casino_ext.exe
640	casino_extensions.exe
2968	Casino_ext.exe
2856	casino_extensions.exe
3620	Casino_ext.exe
508	LiveMessageCenter.exe
4724	casino_extensions.exe
2160	Casino_ext.exe
2840	casino_extensions.exe
3832	Casino_ext.exe
1988	casino_extensions.exe
2300	Casino_ext.exe
1884	LiveMessageCenter.exe
3568	casino_extensions.exe
684	Casino_ext.exe
3544	casino_extensions.exe
4992	Casino_ext.exe
1688	casino_extensions.exe
2316	Casino_ext.exe
1924	casino_extensions.exe
3100	Casino_ext.exe
1984	casino_extensions.exe
3412	Casino_ext.exe
2524	casino_extensions.exe
1284	Casino_ext.exe
4532	casino_extensions.exe
3680	Casino_ext.exe
2456	casino_extensions.exe
4948	Casino_ext.exe
2452	casino_extensions.exe
3812	Casino_ext.exe
5040	casino_extensions.exe
3388	Casino_ext.exe
1044	casino_extensions.exe
2908	Casino_ext.exe
3196	casino_extensions.exe
4216	Casino_ext.exe
3732	LiveMessageCenter.exe
3840	casino_extensions.exe
3424	Casino_ext.exe
4376	casino_extensions.exe
3996	Casino_ext.exe
2644	LiveMessageCenter.exe
2084	casino_extensions.exe
2772	Casino_ext.exe
3924	casino_extensions.exe
1248	Casino_ext.exe
4892	casino_extensions.exe
4300	Casino_ext.exe

Drops file in System32 directory 64 IoCs

Processes:

casino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.execasino_extensions.exe

description	ioc	process
File created	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File created	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\LiveMessageCenter.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\LiveMessageCenter.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\LiveMessageCenter.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\LiveMessageCenter.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\LiveMessageCenter.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\LiveMessageCenter.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe

Drops file in Program Files directory 64 IoCs

Processes:

casino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.exeCasino_ext.exeCasino_ext.execasino_extensions.execasino_extensions.execasino_extensions.exeCasino_ext.execasino_extensions.execasino_extensions.exeCasino_ext.execasino_extensions.exeLiveMessageCenter.execasino_extensions.exeCasino_ext.exeCasino_ext.exeCasino_ext.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.execasino_extensions.execasino_extensions.exeLiveMessageCenter.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.execasino_extensions.execasino_extensions.exeCasino_ext.exeCasino_ext.execasino_extensions.exeCasino_ext.exeCasino_ext.execasino_extensions.execasino_extensions.exeCasino_ext.exeCasino_ext.exeCasino_ext.exeLiveMessageCenter.execasino_extensions.exeLiveMessageCenter.exeCasino_ext.execasino_extensions.exeCasino_ext.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.exeCasino_ext.execasino_extensions.execasino_extensions.execasino_extensions.exeCasino_ext.execasino_extensions.exeCasino_ext.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	LiveMessageCenter.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	LiveMessageCenter.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	LiveMessageCenter.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	LiveMessageCenter.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Casino_ext.exeCasino_ext.exeCasino_ext.exeLiveMessageCenter.exeCasino_ext.exeCasino_ext.exeLiveMessageCenter.exeCasino_ext.exeCasino_ext.exeCasino_ext.exeCasino_ext.exeLiveMessageCenter.exeCasino_ext.exeCasino_ext.exeCasino_ext.exeLiveMessageCenter.exeCasino_ext.exeCasino_ext.exeCasino_ext.exeCasino_ext.exeCasino_ext.exeCasino_ext.exeCasino_ext.exeCasino_ext.exeCasino_ext.exeCasino_ext.exeCasino_ext.exeCasino_ext.exeLiveMessageCenter.exeCasino_ext.exeCasino_ext.exeLiveMessageCenter.exe

pid	process
4012	Casino_ext.exe
4012	Casino_ext.exe
1248	Casino_ext.exe
1248	Casino_ext.exe
1476	Casino_ext.exe
1476	Casino_ext.exe
2428	LiveMessageCenter.exe
2428	LiveMessageCenter.exe
404	Casino_ext.exe
404	Casino_ext.exe
880	Casino_ext.exe
880	Casino_ext.exe
3356	LiveMessageCenter.exe
3356	LiveMessageCenter.exe
4548	Casino_ext.exe
4548	Casino_ext.exe
1868	Casino_ext.exe
1868	Casino_ext.exe
2968	Casino_ext.exe
2968	Casino_ext.exe
3620	Casino_ext.exe
3620	Casino_ext.exe
508	LiveMessageCenter.exe
508	LiveMessageCenter.exe
2160	Casino_ext.exe
2160	Casino_ext.exe
3832	Casino_ext.exe
3832	Casino_ext.exe
2300	Casino_ext.exe
2300	Casino_ext.exe
1884	LiveMessageCenter.exe
1884	LiveMessageCenter.exe
684	Casino_ext.exe
684	Casino_ext.exe
4992	Casino_ext.exe
4992	Casino_ext.exe
2316	Casino_ext.exe
2316	Casino_ext.exe
3100	Casino_ext.exe
3100	Casino_ext.exe
3412	Casino_ext.exe
3412	Casino_ext.exe
1284	Casino_ext.exe
1284	Casino_ext.exe
3680	Casino_ext.exe
3680	Casino_ext.exe
4948	Casino_ext.exe
4948	Casino_ext.exe
3812	Casino_ext.exe
3812	Casino_ext.exe
3388	Casino_ext.exe
3388	Casino_ext.exe
2908	Casino_ext.exe
2908	Casino_ext.exe
4216	Casino_ext.exe
4216	Casino_ext.exe
3732	LiveMessageCenter.exe
3732	LiveMessageCenter.exe
3424	Casino_ext.exe
3424	Casino_ext.exe
3996	Casino_ext.exe
3996	Casino_ext.exe
2644	LiveMessageCenter.exe
2644	LiveMessageCenter.exe

Suspicious behavior: RenamesItself 1 IoCs

Processes:

14673cbca3c112dcd386f80b14c3be4ca4541d813f7355b694dd55bd7c47aa1c.exe

pid process

3308 14673cbca3c112dcd386f80b14c3be4ca4541d813f7355b694dd55bd7c47aa1c.exe

pid	process
3308	14673cbca3c112dcd386f80b14c3be4ca4541d813f7355b694dd55bd7c47aa1c.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

14673cbca3c112dcd386f80b14c3be4ca4541d813f7355b694dd55bd7c47aa1c.execasino_extensions.execasino_extensions.exeCasino_ext.execasino_extensions.execasino_extensions.exeCasino_ext.execasino_extensions.execasino_extensions.exeCasino_ext.execasino_extensions.exeLiveMessageCenter.execasino_extensions.execasino_extensions.exeCasino_ext.execasino_extensions.execasino_extensions.exeCasino_ext.execasino_extensions.exeLiveMessageCenter.execasino_extensions.execasino_extensions.exe

description	pid	process	target process
PID 3308 wrote to memory of 2764	3308	14673cbca3c112dcd386f80b14c3be4ca4541d813f7355b694dd55bd7c47aa1c.exe	casino_extensions.exe
PID 3308 wrote to memory of 2764	3308	14673cbca3c112dcd386f80b14c3be4ca4541d813f7355b694dd55bd7c47aa1c.exe	casino_extensions.exe
PID 3308 wrote to memory of 2764	3308	14673cbca3c112dcd386f80b14c3be4ca4541d813f7355b694dd55bd7c47aa1c.exe	casino_extensions.exe
PID 2764 wrote to memory of 2772	2764	casino_extensions.exe	casino_extensions.exe
PID 2764 wrote to memory of 2772	2764	casino_extensions.exe	casino_extensions.exe
PID 2764 wrote to memory of 2772	2764	casino_extensions.exe	casino_extensions.exe
PID 2772 wrote to memory of 4012	2772	casino_extensions.exe	Casino_ext.exe
PID 2772 wrote to memory of 4012	2772	casino_extensions.exe	Casino_ext.exe
PID 2772 wrote to memory of 4012	2772	casino_extensions.exe	Casino_ext.exe
PID 4012 wrote to memory of 4156	4012	Casino_ext.exe	casino_extensions.exe
PID 4012 wrote to memory of 4156	4012	Casino_ext.exe	casino_extensions.exe
PID 4012 wrote to memory of 4156	4012	Casino_ext.exe	casino_extensions.exe
PID 4156 wrote to memory of 3672	4156	casino_extensions.exe	casino_extensions.exe
PID 4156 wrote to memory of 3672	4156	casino_extensions.exe	casino_extensions.exe
PID 4156 wrote to memory of 3672	4156	casino_extensions.exe	casino_extensions.exe
PID 3672 wrote to memory of 1248	3672	casino_extensions.exe	Casino_ext.exe
PID 3672 wrote to memory of 1248	3672	casino_extensions.exe	Casino_ext.exe
PID 3672 wrote to memory of 1248	3672	casino_extensions.exe	Casino_ext.exe
PID 1248 wrote to memory of 5056	1248	Casino_ext.exe	casino_extensions.exe
PID 1248 wrote to memory of 5056	1248	Casino_ext.exe	casino_extensions.exe
PID 1248 wrote to memory of 5056	1248	Casino_ext.exe	casino_extensions.exe
PID 5056 wrote to memory of 4208	5056	casino_extensions.exe	casino_extensions.exe
PID 5056 wrote to memory of 4208	5056	casino_extensions.exe	casino_extensions.exe
PID 5056 wrote to memory of 4208	5056	casino_extensions.exe	casino_extensions.exe
PID 4208 wrote to memory of 1476	4208	casino_extensions.exe	Casino_ext.exe
PID 4208 wrote to memory of 1476	4208	casino_extensions.exe	Casino_ext.exe
PID 4208 wrote to memory of 1476	4208	casino_extensions.exe	Casino_ext.exe
PID 1476 wrote to memory of 720	1476	Casino_ext.exe	casino_extensions.exe
PID 1476 wrote to memory of 720	1476	Casino_ext.exe	casino_extensions.exe
PID 1476 wrote to memory of 720	1476	Casino_ext.exe	casino_extensions.exe
PID 720 wrote to memory of 2428	720	casino_extensions.exe	LiveMessageCenter.exe
PID 720 wrote to memory of 2428	720	casino_extensions.exe	LiveMessageCenter.exe
PID 720 wrote to memory of 2428	720	casino_extensions.exe	LiveMessageCenter.exe
PID 2428 wrote to memory of 1420	2428	LiveMessageCenter.exe	casino_extensions.exe
PID 2428 wrote to memory of 1420	2428	LiveMessageCenter.exe	casino_extensions.exe
PID 2428 wrote to memory of 1420	2428	LiveMessageCenter.exe	casino_extensions.exe
PID 1420 wrote to memory of 3348	1420	casino_extensions.exe	casino_extensions.exe
PID 1420 wrote to memory of 3348	1420	casino_extensions.exe	casino_extensions.exe
PID 1420 wrote to memory of 3348	1420	casino_extensions.exe	casino_extensions.exe
PID 3348 wrote to memory of 404	3348	casino_extensions.exe	Casino_ext.exe
PID 3348 wrote to memory of 404	3348	casino_extensions.exe	Casino_ext.exe
PID 3348 wrote to memory of 404	3348	casino_extensions.exe	Casino_ext.exe
PID 404 wrote to memory of 4088	404	Casino_ext.exe	casino_extensions.exe
PID 404 wrote to memory of 4088	404	Casino_ext.exe	casino_extensions.exe
PID 404 wrote to memory of 4088	404	Casino_ext.exe	casino_extensions.exe
PID 4088 wrote to memory of 3728	4088	casino_extensions.exe	casino_extensions.exe
PID 4088 wrote to memory of 3728	4088	casino_extensions.exe	casino_extensions.exe
PID 4088 wrote to memory of 3728	4088	casino_extensions.exe	casino_extensions.exe
PID 3728 wrote to memory of 880	3728	casino_extensions.exe	Casino_ext.exe
PID 3728 wrote to memory of 880	3728	casino_extensions.exe	Casino_ext.exe
PID 3728 wrote to memory of 880	3728	casino_extensions.exe	Casino_ext.exe
PID 880 wrote to memory of 2124	880	Casino_ext.exe	casino_extensions.exe
PID 880 wrote to memory of 2124	880	Casino_ext.exe	casino_extensions.exe
PID 880 wrote to memory of 2124	880	Casino_ext.exe	casino_extensions.exe
PID 2124 wrote to memory of 3356	2124	casino_extensions.exe	LiveMessageCenter.exe
PID 2124 wrote to memory of 3356	2124	casino_extensions.exe	LiveMessageCenter.exe
PID 2124 wrote to memory of 3356	2124	casino_extensions.exe	LiveMessageCenter.exe
PID 3356 wrote to memory of 4588	3356	LiveMessageCenter.exe	casino_extensions.exe
PID 3356 wrote to memory of 4588	3356	LiveMessageCenter.exe	casino_extensions.exe
PID 3356 wrote to memory of 4588	3356	LiveMessageCenter.exe	casino_extensions.exe
PID 4588 wrote to memory of 1880	4588	casino_extensions.exe	casino_extensions.exe
PID 4588 wrote to memory of 1880	4588	casino_extensions.exe	casino_extensions.exe
PID 4588 wrote to memory of 1880	4588	casino_extensions.exe	casino_extensions.exe
PID 1880 wrote to memory of 4548	1880	casino_extensions.exe	Casino_ext.exe

C:\Users\Admin\AppData\Local\Temp\14673cbca3c112dcd386f80b14c3be4ca4541d813f7355b694dd55bd7c47aa1c.exe
"C:\Users\Admin\AppData\Local\Temp\14673cbca3c112dcd386f80b14c3be4ca4541d813f7355b694dd55bd7c47aa1c.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3308

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
2⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2764

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2772

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4012

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
5⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4156

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3672

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1248

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
8⤵
- Suspicious use of WriteProcessMemory
PID:5056

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4208

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
10⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1476

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
11⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:720

C:\Windows\SysWOW64\LiveMessageCenter.exe
C:\Windows\system32\LiveMessageCenter.exe /part2
12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2428

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
13⤵
- Suspicious use of WriteProcessMemory
PID:1420

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3348

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:404

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
16⤵
- Suspicious use of WriteProcessMemory
PID:4088

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3728

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
18⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:880

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
19⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2124

C:\Windows\SysWOW64\LiveMessageCenter.exe
C:\Windows\system32\LiveMessageCenter.exe
20⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3356

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
21⤵
- Suspicious use of WriteProcessMemory
PID:4588

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
22⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1880

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4548

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
24⤵
PID:4812

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
25⤵
- Executes dropped EXE
PID:4556

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
26⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1868

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
27⤵
- Drops file in System32 directory
PID:2944

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
28⤵
- Executes dropped EXE
PID:640

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
29⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2968

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
30⤵
PID:1652

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
31⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2856

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
32⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3620

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
33⤵
PID:4412

C:\Windows\SysWOW64\LiveMessageCenter.exe
C:\Windows\system32\LiveMessageCenter.exe
34⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:508

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
35⤵
PID:1072

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
36⤵
- Executes dropped EXE
PID:4724

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
37⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:2160

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
38⤵
- Drops file in System32 directory
PID:1396

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
39⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2840

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
40⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3832

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
41⤵
- Drops file in System32 directory
PID:3564

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
42⤵
- Executes dropped EXE
PID:1988

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
43⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2300

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
44⤵
PID:380

C:\Windows\SysWOW64\LiveMessageCenter.exe
C:\Windows\system32\LiveMessageCenter.exe
45⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:1884

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
46⤵
- Drops file in System32 directory
PID:4792

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
47⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3568

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
48⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:684

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
49⤵
PID:3172

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
50⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3544

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
51⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4992

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
52⤵
PID:3984

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
53⤵
- Executes dropped EXE
PID:1688

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
54⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2316

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
55⤵
PID:1404

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
56⤵
- Executes dropped EXE
PID:1924

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
57⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3100

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
58⤵
- Drops file in System32 directory
PID:552

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
59⤵
- Executes dropped EXE
PID:1984

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
60⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3412

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
61⤵
- Drops file in System32 directory
PID:4920

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
62⤵
- Executes dropped EXE
PID:2524

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
63⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1284

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
64⤵
PID:4824

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
65⤵
- Executes dropped EXE
PID:4532

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
66⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3680

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
67⤵
- Drops file in System32 directory
PID:1668

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
68⤵
- Executes dropped EXE
PID:2456

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
69⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4948

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
70⤵
PID:2036

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
71⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2452

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
72⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3812

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
73⤵
- Drops file in System32 directory
PID:3084

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
74⤵
- Executes dropped EXE
PID:5040

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
75⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3388

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
76⤵
PID:1828

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
77⤵
- Executes dropped EXE
PID:1044

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
78⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2908

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
79⤵
- Drops file in System32 directory
PID:2044

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
80⤵
- Executes dropped EXE
PID:3196

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
81⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4216

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
82⤵
- Drops file in System32 directory
PID:4476

C:\Windows\SysWOW64\LiveMessageCenter.exe
C:\Windows\system32\LiveMessageCenter.exe
83⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3732

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
84⤵
PID:528

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
85⤵
- Executes dropped EXE
PID:3840

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
86⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3424

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
87⤵
PID:4996

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
88⤵
- Executes dropped EXE
PID:4376

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
89⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3996

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
90⤵
PID:1384

C:\Windows\SysWOW64\LiveMessageCenter.exe
C:\Windows\system32\LiveMessageCenter.exe
91⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:2644

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
92⤵
- Drops file in System32 directory
PID:2988

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
93⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2084

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
94⤵
- Executes dropped EXE
PID:2772

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
95⤵
- Drops file in System32 directory
PID:4648

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
96⤵
- Executes dropped EXE
PID:3924

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
97⤵
- Executes dropped EXE
PID:1248

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
98⤵
PID:4780

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
99⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4892

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
100⤵
- Executes dropped EXE
PID:4300

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
101⤵
PID:5056

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
102⤵
PID:1476

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
103⤵
PID:1976

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
104⤵
PID:1856

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
105⤵
PID:720

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
106⤵
PID:2416

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
107⤵
PID:2428

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
108⤵
PID:4568

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
109⤵
PID:1904

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
110⤵
- Drops file in System32 directory
PID:404

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
111⤵
- Drops file in Program Files directory
PID:4488

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
112⤵
PID:5064

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
113⤵
PID:880

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
114⤵
PID:1272

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
115⤵
PID:2080

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
116⤵
PID:4472

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
117⤵
PID:3060

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
118⤵
PID:4036

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
119⤵
PID:4588

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
120⤵
PID:2064

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
121⤵
PID:1028

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
122⤵
- Drops file in System32 directory
PID:2196

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
123⤵
PID:3200

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
124⤵
PID:4484

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
125⤵
PID:3684

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
126⤵
PID:2944

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
127⤵
PID:4080

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
128⤵
- Drops file in System32 directory
PID:4924

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
129⤵
PID:1652

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
130⤵
PID:4740

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
131⤵
PID:4784

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
132⤵
PID:1436

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
133⤵
- Drops file in Program Files directory
PID:3108

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
134⤵
PID:2160

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
135⤵
- Drops file in Program Files directory
PID:1968

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
136⤵
PID:3832

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
137⤵
- Drops file in System32 directory
PID:512

C:\Windows\SysWOW64\LiveMessageCenter.exe
C:\Windows\system32\LiveMessageCenter.exe
138⤵
- Drops file in Program Files directory
PID:1632

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
139⤵
PID:2788

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
140⤵
PID:2836

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
141⤵
PID:4764

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
142⤵
PID:948

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
143⤵
PID:1940

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
144⤵
PID:4280

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
145⤵
PID:2320

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
146⤵
- Drops file in Program Files directory
PID:1588

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
147⤵
- Drops file in Program Files directory
PID:1008

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
148⤵
PID:3176

C:\Windows\SysWOW64\LiveMessageCenter.exe
C:\Windows\system32\LiveMessageCenter.exe
149⤵
PID:3788

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
150⤵
PID:2612

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
151⤵
PID:3736

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
152⤵
PID:2948

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
153⤵
PID:1944

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
154⤵
- Drops file in Program Files directory
PID:4456

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
155⤵
PID:3420

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
156⤵
- Drops file in System32 directory
PID:4920

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
157⤵
- Drops file in Program Files directory
PID:3468

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
158⤵
PID:5068

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
159⤵
PID:2512

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
160⤵
- Drops file in Program Files directory
PID:4024

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
161⤵
- Drops file in Program Files directory
PID:4888

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
162⤵
PID:2540

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
163⤵
PID:3508

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
164⤵
PID:4068

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
165⤵
- Drops file in System32 directory
PID:784

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
166⤵
PID:3988

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
167⤵
- Drops file in Program Files directory
PID:2452

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
168⤵
PID:4876

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
169⤵
PID:3720

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
170⤵
- Drops file in Program Files directory
PID:1684

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
171⤵
PID:3084

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
172⤵
PID:5036

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
173⤵
PID:4940

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
174⤵
PID:1612

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
175⤵
PID:1620

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
176⤵
PID:2908

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
177⤵
- Drops file in System32 directory
PID:4216

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
178⤵
PID:4636

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
179⤵
PID:3640

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
180⤵
PID:5112

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
181⤵
PID:3732

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
182⤵
PID:4384

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
183⤵
- Drops file in System32 directory
PID:4536

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
184⤵
PID:3840

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
185⤵
PID:388

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
186⤵
- Drops file in System32 directory
PID:1124

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
187⤵
PID:3996

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
188⤵
PID:2308

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
189⤵
PID:1772

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
190⤵
- Drops file in Program Files directory
PID:2644

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
191⤵
PID:2988

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
192⤵
PID:4952

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
193⤵
PID:2772

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
194⤵
PID:4648

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
195⤵
PID:3596

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
196⤵
PID:4076

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
197⤵
PID:2252

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
198⤵
PID:4632

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
199⤵
PID:1872

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
200⤵
PID:4904

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
201⤵
PID:1476

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
202⤵
PID:3940

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
203⤵
PID:1324

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
204⤵
- Drops file in System32 directory
PID:4572

C:\Windows\SysWOW64\LiveMessageCenter.exe
C:\Windows\system32\LiveMessageCenter.exe
205⤵
PID:116

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
206⤵
PID:1276

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
207⤵
PID:4568

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
208⤵
PID:4480

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
209⤵
PID:3316

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
210⤵
PID:4964

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
211⤵
PID:5064

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
212⤵
- Drops file in System32 directory
PID:2124

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
213⤵
PID:3688

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
214⤵
PID:2080

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
215⤵
PID:4548

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
216⤵
- Drops file in Program Files directory
PID:2576

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
217⤵
- Drops file in Program Files directory
PID:4036

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
218⤵
- Drops file in System32 directory
PID:2952

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
219⤵
PID:4552

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
220⤵
- Drops file in Program Files directory
PID:1028

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
221⤵
PID:4276

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
222⤵
PID:3200

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
223⤵
- Drops file in Program Files directory
PID:3592

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
224⤵
PID:776

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
225⤵
PID:4980

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
226⤵
PID:3524

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
227⤵
- Drops file in System32 directory
PID:1748

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
228⤵
PID:4412

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
229⤵
- Drops file in Program Files directory
PID:4740

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
230⤵
- Drops file in System32 directory
PID:4404

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
231⤵
PID:4184

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
232⤵
- Drops file in Program Files directory
PID:3652

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
233⤵
- Drops file in System32 directory
PID:3204

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
234⤵
PID:4800

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
235⤵
PID:4752

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
236⤵
PID:2300

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
237⤵
PID:3968

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
238⤵
- Drops file in Program Files directory
PID:2448

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
239⤵
PID:4796

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
240⤵
PID:4040

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
241⤵
PID:3268

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
242⤵
- Drops file in System32 directory
PID:948

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
243⤵
PID:3160

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
244⤵
PID:1288

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
245⤵
PID:2316

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
246⤵
- Drops file in Program Files directory
PID:1924

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
247⤵
PID:4140

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
248⤵
- Drops file in System32 directory
PID:1928

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
249⤵
PID:1504

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
250⤵
PID:892

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
251⤵
PID:700

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
252⤵
PID:4360

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
253⤵
PID:2604

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
254⤵
PID:2924

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
255⤵
PID:2360

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
256⤵
PID:4704

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
257⤵
- Drops file in System32 directory
PID:1668

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
258⤵
PID:4196

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
259⤵
PID:4224

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
260⤵
PID:4316

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
261⤵
PID:3028

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
262⤵
PID:536

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
263⤵
PID:3988

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
264⤵
- Drops file in Program Files directory
PID:3388

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
265⤵
PID:1068

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
266⤵
- Drops file in System32 directory
PID:3720

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
267⤵
PID:4788

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
268⤵
PID:1828

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
269⤵
- Drops file in System32 directory
PID:5036

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
270⤵
PID:2668

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
271⤵
PID:5104

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
272⤵
PID:1620

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
273⤵
- Drops file in Program Files directory
PID:5116

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
274⤵
- Drops file in Program Files directory
PID:3164

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
275⤵
PID:2284

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
276⤵
PID:3424

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
277⤵
PID:452

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
278⤵
- Drops file in System32 directory
PID:3732

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
279⤵
PID:3828

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
280⤵
PID:4012

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
281⤵
PID:3840

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
282⤵
PID:4120

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
283⤵
PID:4820

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
284⤵
- Drops file in System32 directory
PID:3996

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
285⤵
PID:4884

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
286⤵
PID:2560

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
287⤵
- Drops file in System32 directory
PID:2988

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
288⤵
- Drops file in Program Files directory
PID:1136

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
289⤵
PID:4952

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
290⤵
PID:4648

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
291⤵
PID:4300

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
292⤵
- Drops file in Program Files directory
PID:3048

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
293⤵
PID:2252

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
294⤵
PID:4420

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
295⤵
PID:2800

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
296⤵
PID:5004

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
297⤵
PID:1476

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
298⤵
PID:4776

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
299⤵
PID:1904

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
300⤵
PID:1208

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
301⤵
PID:4088

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
302⤵
PID:404

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
303⤵
PID:1352

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
304⤵
PID:3208

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
305⤵
PID:3456

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
306⤵
PID:3316

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
307⤵
- Drops file in Program Files directory
PID:1032

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
308⤵
- Drops file in System32 directory
PID:3836

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
309⤵
PID:2124

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
310⤵
PID:3576

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
311⤵
PID:2064

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
312⤵
PID:4548

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
313⤵
PID:1868

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
314⤵
- Drops file in System32 directory
PID:3740

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
315⤵
PID:4552

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
316⤵
PID:3540

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
317⤵
PID:4720

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
318⤵
PID:4808

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
319⤵
PID:4080

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
320⤵
PID:224

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
321⤵
- Drops file in Program Files directory
PID:776

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
322⤵
PID:1748

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
323⤵
PID:3484

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
324⤵
PID:3108

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
325⤵
PID:680

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
326⤵
PID:4520

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
327⤵
PID:2160

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
328⤵
- Drops file in Program Files directory
PID:684

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
329⤵
PID:2364

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
330⤵
PID:3204

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
331⤵
PID:4752

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
332⤵
- Drops file in System32 directory
PID:4764

C:\Windows\SysWOW64\LiveMessageCenter.exe
C:\Windows\system32\LiveMessageCenter.exe
333⤵
PID:1408

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
334⤵
PID:2144

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
335⤵
PID:1008

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
336⤵
PID:2320

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
337⤵
- Drops file in System32 directory
PID:4908

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
338⤵
PID:1892

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
339⤵
PID:1924

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
340⤵
- Drops file in System32 directory
PID:2948

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
341⤵
PID:5008

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
342⤵
PID:892

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
343⤵
PID:3244

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
344⤵
PID:3148

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
345⤵
PID:700

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
346⤵
PID:4152

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
347⤵
PID:748

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
348⤵
PID:2036

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
349⤵
- Drops file in System32 directory
PID:1520

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
350⤵
PID:1512

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
351⤵
- Drops file in Program Files directory
PID:2540

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
352⤵
PID:4316

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
353⤵
PID:1716

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
354⤵
PID:3812

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
355⤵
- Drops file in System32 directory
PID:1684

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
356⤵
- Drops file in Program Files directory
PID:432

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
357⤵
- Drops file in Program Files directory
PID:1044

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
358⤵
PID:2136

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
359⤵
PID:3884

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
360⤵
PID:4788

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
361⤵
PID:1640

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
362⤵
- Drops file in Program Files directory
PID:4636

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
363⤵
PID:5036

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
364⤵
- Drops file in System32 directory
PID:2408

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
365⤵
PID:2964

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
366⤵
PID:4832

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
367⤵
- Drops file in System32 directory
PID:4052

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
368⤵
PID:3492

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
369⤵
PID:1576

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
370⤵
PID:4996

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
371⤵
PID:2992

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
372⤵
PID:3732

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
373⤵
PID:4772

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
374⤵
PID:2308

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
375⤵
PID:4120

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
376⤵
- Drops file in System32 directory
PID:5032

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
377⤵
- Drops file in Program Files directory
PID:3628

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
378⤵
- Drops file in Program Files directory
PID:2644

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
379⤵
PID:4208

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
380⤵
- Drops file in Program Files directory
PID:4780

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
381⤵
PID:1176

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
382⤵
PID:1976

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
383⤵
PID:5056

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
384⤵
- Drops file in Program Files directory
PID:4300

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
385⤵
- Drops file in System32 directory
PID:4496

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
386⤵
PID:1856

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
387⤵
PID:720

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
388⤵
PID:4728

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
389⤵
PID:2416

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
390⤵
- Drops file in Program Files directory
PID:116

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
391⤵
- Drops file in System32 directory
PID:4568

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
392⤵
- Drops file in Program Files directory
PID:3728

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
393⤵
PID:1208

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
394⤵
PID:3964

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
395⤵
PID:3120

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
396⤵
PID:3208

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
397⤵
PID:1880

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
398⤵
- Drops file in Program Files directory
PID:3060

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
399⤵
PID:112

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
400⤵
- Drops file in System32 directory
PID:4036

C:\Windows\SysWOW64\LiveMessageCenter.exe
C:\Windows\system32\LiveMessageCenter.exe
401⤵
PID:3836

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
402⤵
PID:4104

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
403⤵
PID:2196

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
404⤵
PID:2952

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
405⤵
PID:2968

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
406⤵
PID:4276

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
407⤵
- Drops file in Program Files directory
PID:3592

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
408⤵
- Drops file in System32 directory
PID:1216

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
409⤵
PID:3700

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
410⤵
PID:264

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
411⤵
PID:3904

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
412⤵
PID:4416

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
413⤵
PID:3464

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
414⤵
PID:1616

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
415⤵
PID:3652

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
416⤵
PID:3832

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
417⤵
PID:3564

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
418⤵
PID:512

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
419⤵
PID:4520

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
420⤵
- Drops file in System32 directory
PID:684

C:\Windows\SysWOW64\LiveMessageCenter.exe
C:\Windows\system32\LiveMessageCenter.exe
421⤵
PID:1584

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
422⤵
PID:3204

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
423⤵
PID:4280

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
424⤵
PID:948

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
425⤵
- Drops file in System32 directory
PID:3984

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
426⤵
PID:3152

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
427⤵
- Drops file in Program Files directory
PID:2144

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
428⤵
PID:2320

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
429⤵
PID:1504

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
430⤵
PID:1284

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
431⤵
PID:1892

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
432⤵
PID:3648

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
433⤵
- Drops file in Program Files directory
PID:3420

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
434⤵
- Drops file in System32 directory
PID:4824

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
435⤵
PID:4360

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
436⤵
PID:2456

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
437⤵
- Drops file in System32 directory
PID:2604

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
438⤵
PID:700

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
439⤵
PID:4152

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
440⤵
- Drops file in System32 directory
PID:4948

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
441⤵
PID:4196

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
442⤵
PID:1520

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
443⤵
- Drops file in System32 directory
PID:4148

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
444⤵
PID:5040

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
445⤵
PID:3388

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
446⤵
PID:1716

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
447⤵
PID:3812

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
448⤵
PID:4940

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
449⤵
- Drops file in System32 directory
PID:2844

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
450⤵
PID:1044

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
451⤵
PID:2908

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
452⤵
- Drops file in System32 directory
PID:4652

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
453⤵
PID:1828

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
454⤵
- Drops file in Program Files directory
PID:3640

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
455⤵
PID:4636

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
456⤵
PID:1620

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
457⤵
PID:2092

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
458⤵
PID:452

C:\Windows\SysWOW64\LiveMessageCenter.exe
C:\Windows\system32\LiveMessageCenter.exe
459⤵
PID:4052

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
460⤵
PID:4012

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
461⤵
- Drops file in Program Files directory
PID:3504

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
462⤵
PID:1804

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
463⤵
PID:1248

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
464⤵
PID:4820

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
465⤵
- Drops file in Program Files directory
PID:5096

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
466⤵
- Drops file in System32 directory
PID:4892

C:\Windows\SysWOW64\LiveMessageCenter.exe
C:\Windows\system32\LiveMessageCenter.exe
467⤵
- Drops file in Program Files directory
PID:2644

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
468⤵
PID:4128

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
469⤵
- Drops file in Program Files directory
PID:1176

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
470⤵
PID:2936

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
471⤵
PID:1324

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
472⤵
PID:3988

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
473⤵
PID:1476

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
474⤵
PID:4776

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
475⤵
PID:3716

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
476⤵
PID:1276

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
477⤵
- Drops file in System32 directory
PID:3040

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
478⤵
PID:116

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
479⤵
PID:404

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
480⤵
PID:4568

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
481⤵
PID:2976

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
482⤵
PID:4472

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
483⤵
PID:3356

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
484⤵
PID:3752

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
485⤵
PID:1032

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
486⤵
PID:112

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
487⤵
PID:4588

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
488⤵
PID:2576

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
489⤵
PID:640

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
490⤵
PID:3200

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
491⤵
PID:4104

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
492⤵
PID:2952

C:\Windows\SysWOW64\LiveMessageCenter.exe
C:\Windows\system32\LiveMessageCenter.exe
493⤵
PID:4936

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
494⤵
PID:4552

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
495⤵
PID:3740

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
496⤵
- Drops file in Program Files directory
PID:4080

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
497⤵
PID:3700

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c $$2028~1.BAT
498⤵
PID:2200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\LiveMessageCenter.exe

Filesize
758KB

MD5
fa5770fdbc8db42a7318f90a7ce0f171

SHA1
7572d88cb8058c471bf0e3ffc5334b4928811b2b

SHA256
52c5bd87a0ac4f6bbcaa060311cdc17add3e2b73382b61be03ce7362dc7eb748

SHA512
11a39de016a27b0f285972e0d01f4e793251cbd68c37a10ff598d9dd5e996d98a38d6722ee48ad09ad0c5600e8ac153e10210ed3f749cbfa9baae251d8915de0

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
752KB

MD5
480e78cc17ab1c112bd49295ea9d2d0d

SHA1
7812fcec31d1fc547275642fe12cd13b29ca8925

SHA256
b8bbd41df609850e121809ee026c197eb9d782da4cbe7468bdd39c8eef01618f

SHA512
1109f1edbdf92f6493112945761fabe5568256b88dec2d88ab2ca6d186f64837dbe852676b44b63725cc25943b9a12f3715b6da3f64b9e75f1d6e9d48b8ee0d0

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
759KB

MD5
01550261c856f6dd4f317a2c051f1f39

SHA1
bf38401a3598057b0cef7e9b064ce181c27d36cd

SHA256
b5eb8236d17c20044f8e30ce5f169741a8e793960addf7b058d893ac8f797a9a

SHA512
682fa7c45e9e9f555e46129c5b66e9095db95ae6bcca8f214b88a6c329c621b2fb9b790effaa43a995bcc935162d8a9d60ec1807da9ae75cd629ffc80fb8f1a7

Download Submit
memory/2772-8-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/3308-7-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads