Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Movavi Slideshow Maker 4.exe

Overview

General Information

Sample name:Movavi Slideshow Maker 4.exe
Analysis ID:1541901
MD5:0cd8f9edc5183f8729598f19cf2da06b
SHA1:300049e800fe66c3ea872abf9ac9599b351ba9a6
SHA256:9a6d2d6ca21a6b83a31aa5a5f855d653d66096ffe0b25dcdf04f4943e3d3892d
Infos:

Detection

Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Hides threads from debuggers
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found dropped PE file which has not been started or loaded
JA3 SSL client fingerprint seen in connection with other malware
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Movavi Slideshow Maker 4.exe (PID: 7276 cmdline: "C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe" MD5: 0CD8F9EDC5183F8729598F19CF2DA06B)
    • SlideshowMaker.exe (PID: 7888 cmdline: "C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8 MD5: 46938D51A127BCF45160C5D857F5DB37)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: SlideshowMaker.exe, 00000009.00000003.1372843707.0000000000CC8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_e5e67c1d-4
Source: Movavi Slideshow Maker 4.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 104.26.14.179:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 84.16.252.107:443 -> 192.168.2.7:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 84.16.252.107:443 -> 192.168.2.7:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 84.16.252.107:443 -> 192.168.2.7:49738 version: TLS 1.2
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreApp.pdb**! source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ParserFactory.pdb source: SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ComputingResourceManager.pdb source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditingScene.pdb)) source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Policies.pdb""! source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\BeatDetection.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CodecPolicyController.pdb source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PatentActivator.pdb source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OverlayEngine.pdb'' source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreTime.pdb source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375871241.0000000003F41000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtDownloadManager.pdb source: SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373772577.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2520766407.00000000013D9000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Resize.pdb source: SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviAudIO.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Settings.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1373022188.0000000001082000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AccelerationTracker.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CC9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\DesktopNotification.pdb source: SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373772577.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreApp.pdb source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorSerialization.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\SlideshowMaker.pdb<<* source: SlideshowMaker.exe, 00000009.00000002.2504217955.0000000000479000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\work\SDK\glog\0.3.4\lib\Win\msvc-14.0\x86\libglog-msvc-14.pdb source: SlideshowMaker.exe, 00000009.00000002.2510216302.00000000007EE000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerControl.pdb## source: SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Settings.pdb source: SlideshowMaker.exe, 00000009.00000003.1373022188.0000000001082000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vcruntime140.i386.pdbGCTL source: SlideshowMaker.exe, 00000009.00000002.2511227658.0000000000891000.00000020.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ClientAPI.pdb source: SlideshowMaker.exe, 00000009.00000003.1375528089.0000000004419000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviTracker.pdb(( source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000500000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsSvg.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorTransitions.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUtil.pdb source: SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Presets.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AudioRendererSDL.pdb$$! source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\SDK\glog\0.3.4\lib\Win\msvc-14.0\x86\libglog-msvc-14.pdb"" source: SlideshowMaker.exe, 00000009.00000002.2510216302.00000000007EE000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OpenglSwitcherAPI.pdb## source: SlideshowMaker.exe, 00000009.00000002.2516496387.0000000000C5A000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373215076.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorTransitions.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ASSWrapper.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviIO.pdb66 source: SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EffectsSpecial.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtDownloadManager.pdb$$ source: SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373772577.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2520766407.00000000013D9000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x86\VmX.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2506359177.000000000076B000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2515205517.000000001003C000.00000002.10000000.00040000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1262219785.0000000000799000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1262165775.000000000078C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x86\StubExe.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2508095933.0000000000920000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2509935348.0000000000C70000.00000040.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000000.1260047165.0000000000401000.00000020.00000001.01000000.00000003.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x64\StubExe.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2508095933.0000000000920000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2509935348.0000000000C70000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\DataHelpers.pdb source: SlideshowMaker.exe, 00000009.00000003.1375748412.000000000469E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ResourceUtil.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2515646507.0000000000C18000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsSvg.pdb## source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtMediaUi.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EffectFactory.pdb source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\SlideshowMaker.pdb source: SlideshowMaker.exe, 00000009.00000002.2504217955.0000000000479000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUi.pdb source: SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviAudIO.pdb33" source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CodecFactory.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\BeatDetection.pdb&&" source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreTime.pdb source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375871241.0000000003F41000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerControl.pdb source: SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OpenglSwitcherAPI.pdb source: SlideshowMaker.exe, 00000009.00000002.2516496387.0000000000C5A000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373215076.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ComputingResourceManager.pdb"" source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsFramework.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CrashHandler.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\NagScreen.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\UpdateChecker.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AccelerationTracker.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CC9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreInt.pdbJJ$ source: SlideshowMaker.exe, 00000009.00000002.2508176517.00000000006CA000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1355258737.0000000000716000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PatentActivator.pdb$$ source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorSerialization.pdb&& source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PackageInstaller.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerEngine.pdb)) source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtMediaUtil.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: concrt140.i386.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OglManager.pdb source: SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreLocalization.pdb!! source: SlideshowMaker.exe, 00000009.00000002.2507314676.0000000000627000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x86\Vm.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2508095933.0000000000920000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2509935348.0000000000C70000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\DesktopNotification.pdb%% source: SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373772577.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorImports.pdb source: SlideshowMaker.exe, 00000009.00000002.2509730262.00000000007A7000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsDecoration.pdb++ source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MediaTypes.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MuxerFactory.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsFramework.pdb%% source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OverlayEngine.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: concrt140.i386.pdbGCTL source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ProcInt.pdb@@! source: SlideshowMaker.exe, 00000009.00000002.2517703919.0000000000EAC000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1372954438.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtMediaUi.pdb"" source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OglManager.pdb88! source: SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Converters.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerEngine.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Resize.pdb source: SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\SocialProtocol.pdb77 source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AppUtil.pdb00 source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ClientAPI.pdb55! source: SlideshowMaker.exe, 00000009.00000003.1375528089.0000000004419000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\FFWrapper.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorOverlays.pdb source: SlideshowMaker.exe, 00000009.00000002.2508762188.000000000073D000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\FilterFactory.pdb source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PackageInstaller.pdb,, source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CrashSenderWrapper.pdb source: SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373772577.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Tracker.pdb source: SlideshowMaker.exe, 00000009.00000002.2512404317.00000000008D5000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditingScene.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Policies.pdb source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\SDLManager.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Demuxers.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MagnetizeTools.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreLocalization.pdb source: SlideshowMaker.exe, 00000009.00000002.2507314676.0000000000627000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Threading.pdb source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsDecoration.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\VideoRendererOGLQt.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\WebBrowser.pdb33' source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUtil.pdbKK! source: SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ProcInt.pdb source: SlideshowMaker.exe, 00000009.00000002.2517703919.0000000000EAC000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1372954438.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\StreamReader.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreManager.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\NagScreen.pdb,, source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\TrackerFactory.pdb source: SlideshowMaker.exe, 00000009.00000002.2514748268.0000000000BD1000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GeneralMovaviTrackerWrapper.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Threading.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AudioRendererSDL.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUi.pdbHH source: SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Converters.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PackageInstallerModule.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\SocialProtocol.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\WebBrowser.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PubSub.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ASSWrapper.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\VideoRendererOGLQt.pdb## source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vcruntime140.i386.pdb source: SlideshowMaker.exe, 00000009.00000002.2511227658.0000000000891000.00000020.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviIO.pdb source: SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreInt.pdb source: SlideshowMaker.exe, 00000009.00000002.2508176517.00000000006CA000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1355258737.0000000000716000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MediaTypes.pdb&& source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GeneralMovaviTrackerWrapper.pdb## source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviTracker.pdb source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000500000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PubSub.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Presets.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\FFWrapper.pdb,,! source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MagnetizeTools.pdb%% source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AppUtil.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\UpdateChecker.pdb&& source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Jump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\Jump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: C:\Users\user\AppData\Local\Temp\SPOON\CACHE\Jump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: C:\Users\user\Desktop\Data\roaming\modified\@APPDATA@\Movavi Slideshow Maker 4\Jump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: C:\Users\user\AppData\Local\Temp\SPOON\Jump to behavior
Source: Joe Sandbox ViewJA3 fingerprint: a795593605a13211941d44505b4d1e39
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_close&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29789&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_start&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29792&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /api/v1/codec/all/?akey=&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95 HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzip, deflateAccept-Language: en-CH,*User-Agent: Mozilla/5.0Host: codec-activate.movavi.com
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=capture_screencast&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29792&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=major_update&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29792&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/style.css HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/it.png HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/btn_close_it.png HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/btn_buy_it.png HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_close&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29789&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_start&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29792&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /api/v1/codec/all/?akey=&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95 HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzip, deflateAccept-Language: en-CH,*User-Agent: Mozilla/5.0Host: codec-activate.movavi.com
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=capture_screencast&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29792&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=major_update&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29792&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/style.css HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/it.png HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/btn_close_it.png HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/btn_buy_it.png HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: SlideshowMaker.exe, 00000009.00000003.1372843707.0000000000CC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: d04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1email.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06www.google.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3login.yahoo.com39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:293e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47login.skype.com92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43addons.mozilla.orgb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0login.live.comd8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0global trustee05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56*.google.com0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Root CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Services CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services 1024 CA0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Root CA G2a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21CertiID Enterprise Certificate Authority5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Qualified CA46:9c:2c:b007:27:10:0dDigiNotar Cyber CA07:27:0f:f907:27:10:0301:31:69:b0DigiNotar PKIoverheid CA Overheid en Bedrijven01:31:34:bfDigiNotar PKIoverheid CA Organisatie - G2d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar Extended Validation CA1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Public CA 202546:9c:2c:af46:9c:3c:c907:27:14:a9Digisign Server ID (Enrich)4c:0e:63:6aDigisign Server ID - (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0UTN-USERFirst-Hardware41MD5 Collisions Inc. (http://www.phreedom.org/md5)08:27*.EGO.GOV.TR08:64e-islem.kktcmerkezbankasi.org03:1d:a7AC DG Tr equals www.yahoo.com (Yahoo)
Source: SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: YoutubeYouTubechannels?part=id&mine=truesnippet,statusE:\J\WS\VE124\ext\appcore\src\Movavi\Social\Protocol\YoutubeProtocol.cppitems/0/idhttps://www.youtube.com/channel/%1pictureFailed to retrieve upload URLhttps://www.youtube.com/watch?v=%1H equals www.youtube.com (Youtube)
Source: SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: auth_type=rerequest&albumcaptiontitledescriptioncontent_categoryattached_mediamessagenameprivacypublishedmepublic_profilepublish_actionsuser_photoshttps://www.facebook.com/v2.9/dialog/oauth?Facebookme?fields=nameme?fields=idme?fields=pictureme/albums?fields=name,can_uploadme/albumsapplication/jsonimage/jpeg"form-data; name="source"; filename="/%1/photosstartform-data; name="upload_phase"text/plainform-data; name="file_size"media_fbid/me/feedme/permissions?fields=permission,statusCan not parse as JSON: E:\J\WS\VE124\ext\appcore\src\Movavi\Social\Protocol\FacebookProtocol.cpphttp://facebook.com/%1picture/data/urljpgdatacan_uploadstatuspermissionhttp://www.facebook.com/photo.php?fbid=successhttp://www.facebook.com/me/videos/%1upload_session_idvideo_idFailed to retrieve upload session ID failed, chunk size = Upload task with ticket of Trying again, retry Retry limit exceeded cancelled failedend_offsetstart_offset from - Uploading file: transferform-data; name="upload_session_id"form-data; name="start_offset"form-data; name="video_file_chunk"; filename="video/*finisht equals www.facebook.com (Facebook)
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.facebook.com/me/videos/%1 equals www.facebook.com (Facebook)
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.facebook.com/photo.php?fbid= equals www.facebook.com (Facebook)
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/v2.9/dialog/oauth? equals www.facebook.com (Facebook)
Source: SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/youtube.upload https://www.googleapis.com/auth/youtube https://www.googleapis.com/auth/userinfo.profile equals www.youtube.com (Youtube)
Source: SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo?alt=jsonhttps://www.googleapis.com/youtube/v3/%1https://www.googleapis.com/upload/youtube/v3/videos?uploadType=resumable&part=%1tagscategoryIdprivacyStatusYoutube::FieldsResourceFilm & Animation1Autos & Vehicles210Pets & Animals1517Travel & Events19Gaming20People & Blogs222324News & Politics25Howto & Style26Education27Science & Technology28Nonprofits & Activism29Private privacy descriptionPrivateprivatePublic privacy descriptionPublicpublicUnlisted privacy descriptionUnlistedunlisted<>,snippet equals www.youtube.com (Youtube)
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/upload/youtube/v3/videos?uploadType=resumable&part=%1 equals www.youtube.com (Youtube)
Source: SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373772577.0000000000AEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/upload/youtube/v3/videos?uploadType=resumable&part=%1l equals www.youtube.com (Youtube)
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/youtube/v3/%1 equals www.youtube.com (Youtube)
Source: SlideshowMaker.exe, 00000009.00000002.2521155477.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/youtube/v3/%1lly equals www.youtube.com (Youtube)
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/channel/%1 equals www.youtube.com (Youtube)
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/watch?v=%1 equals www.youtube.com (Youtube)
Source: SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: {'value':'EVERYONE'}{'value':'FRIENDS_OF_FRIENDS'}{'value':'ALL_FRIENDS'}{'value':'SELF'}https://graph.facebook.com/v2.9/%1https://graph-video.facebook.com/v2.9/%1/videosgranteddeclinedidpost_id/posts/_https://www.facebook.com/Facebook::FieldsResourcePrivacy All descriptionPrivacy AllPrivacy Friends descriptionPrivacy FriendsPrivacy Me descriptionPrivacy MeBeauty & fashionBEAUTY_FASHIONBusinessBUSINESSCars & trucksCARS_TRUCKSComedyCOMEDYCute animalsCUTE_ANIMALSEntertainmentENTERTAINMENTFamilyFAMILYFood & healthFOOD_HEALTHHomeHOMELifestyleLIFESTYLEMusicMUSICNewsNEWSPoliticsPOLITICSScienceSCIENCESportsSPORTSTechnologyTECHNOLOGYVideo gamingVIDEO_GAMINGOtherOTHER equals www.facebook.com (Facebook)
Source: global trafficDNS traffic detected: DNS query: start.turbo.net
Source: global trafficDNS traffic detected: DNS query: mip2.movavi.com
Source: global trafficDNS traffic detected: DNS query: codec-activate.movavi.com
Source: global trafficDNS traffic detected: DNS query: img.movavi.com
Source: unknownHTTP traffic detected: POST /services/1.0/activity/vm-18.4.1281.0/run HTTP/1.1Spoon-ConfigId: 9D0F48FB-5A85-4D60-82CD-6B9F784D932BSpoon-ConfigDigest: dd217e68ba4377edc484768b4f73528bSpoon-BuildId: CFFB171A-E983-4234-BD47-C5170F552F60Spoon-MacDigest: F2975D73EFCEDDB89CC9438A1FB4AF6C8F8B857BSpoon-DeviceIp: 192.168.2.7Spoon-TrialProduct: TrueSpoon-StartupFile: @APPDATA@\Movavi Slideshow Maker 4\SlideshowMaker.exeUser-Agent: SpoonVm/1.0Host: start.turbo.netContent-Length: 0Cache-Control: no-cache
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 07:49:59 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: no-cache, privateX-Error-Ex: Not found nagscreens from DBX-XSS-Protection: 0X-Frame-Options: SAMEORIGINReferrer-Policy: strict-origin-when-cross-origin
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 07:50:01 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: no-cache, privateX-Error-Ex: Not found nagscreens from DBX-XSS-Protection: 0X-Frame-Options: SAMEORIGINReferrer-Policy: strict-origin-when-cross-origin
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 07:50:01 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: no-cache, privateX-Error-Ex: Not found nagscreens from DBX-XSS-Protection: 0X-Frame-Options: SAMEORIGINReferrer-Policy: strict-origin-when-cross-origin
Source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%1/get_settings.php?key=%2&version=%3&tracker=%4
Source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%1/index.php?key=%2&version=%3&tracker=%4
Source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%1/index.php?key=%2&version=%3&tracker=%4http://%1/get_settings.php?key=%2&version=%3&tracker
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:%1/
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:%1/application/x-www-form-urlencodedcode.%1expires.%1refreshtoken.%1response_typecl
Source: SlideshowMaker.exe, 00000009.00000002.2504217955.0000000000479000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://activate.movavi.com/activate3.php?pname=-APP_NAME-&hwid=-HARDWAREID-&akey=-APP_KEY-&version=-
Source: SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://activate.movavi.com/activateapple.php?pname=-APP_NAME-&hwid=-HARDWAREID-&akey=-APP_KEY-&versi
Source: SlideshowMaker.exe, 00000009.00000003.1372843707.0000000000CC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bugreports.qt.io/
Source: SlideshowMaker.exe, 00000009.00000003.1372843707.0000000000CC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bugreports.qt.io/finishedServerMicrosoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogic
Source: SlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codec-activate.movavi.com/api/v1/codec/activate/?akey=-LICENSE_KEY-&huid=-HASH_USER_ID-&codec
Source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://creativecommons.org/licenses/by-nd/4.0/
Source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://creativecommons.org/licenses/by-nd/4.0/Blogger
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2508095933.0000000000920000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2509935348.0000000000C70000.00000040.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1262165775.00000000007F9000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2506359177.00000000007F9000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2508095933.0000000000C62000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1262165775.000000000078C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2508095933.0000000000920000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2509935348.0000000000C70000.00000040.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1262165775.00000000007F9000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2506359177.00000000007F9000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2508095933.0000000000C62000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1262165775.000000000078C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dharmatype.com)
Source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dharmatype.com_______________________________________________________________________________
Source: SlideshowMaker.exe, 00000009.00000002.2516496387.0000000000C5A000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373215076.00000000009D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://files.movavi.com/dl/support/DevicesList
Source: SlideshowMaker.exe, 00000009.00000002.2516496387.0000000000C5A000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373215076.00000000009D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://files.movavi.com/dl/support/DevicesListOglManager::GetOglVersion()
Source: SlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2516496387.0000000000C5A000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373215076.00000000009D0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://files.movavi.com/dl/support/opengl32software.zip
Source: SlideshowMaker.exe, 00000009.00000002.2516496387.0000000000C5A000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373215076.00000000009D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://files.movavi.com/dl/support/opengl32software.zipOpenglSwitcher.exedll.dllDownloading
Source: SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fontfabric.com/
Source: SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fontfabric.com/Copyright
Source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://img.movavi.com/webnagscreens/crossale_suite/btn_close_it.png
Source: SlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/-TAIL_WITH_ARGS-f0
Source: SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buy-suitefromslideshow/?asrc=crossnag_sc_vs&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buy-suitefromslideshow/?asrc=crossnag_sc_vs&-TAIL_WITH_ARGS-Y
Source: SlideshowMaker.exe, 00000009.00000003.1375871241.0000000003F41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/support/activating_packages/?asrc=packageinstallationwizard&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000009.00000002.2521155477.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/support/activation_offline/?asrc=activationwizard&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/support/activation_online/?asrc=activationwizard&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/support/activation_online/?asrc=activationwizard&-TAIL_WITH_ARGS-ITH_A
Source: SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/thank_you_for_install/?app=-APP_NAME--AMP-module=-MODULE_NAME--AMP-version=-
Source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375871241.0000000003F41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mingw-w64.sourceforge.net/X
Source: SlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mip2.movavi.com/get_nag.php?app=-APP_NAME-&module=-MODULE_NAME-&app_ver=-APP_VERSION-&partner
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2508095933.0000000000920000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2509935348.0000000000C70000.00000040.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1262165775.00000000007F9000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2506359177.00000000007F9000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2508095933.0000000000C62000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1262165775.000000000078C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qt-project.org/xml/features/report-start-end-entity
Source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qt-project.org/xml/features/report-whitespace-only-CharData
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2503329866.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373259320.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375748412.000000000474D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393717459.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rh.symcb.com/rh.crl0
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2503329866.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373259320.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375748412.000000000474D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393717459.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rh.symcb.com/rh.crt0
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2503329866.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373259320.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375748412.000000000474D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393717459.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rh.symcd.com0&
Source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.s
Source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375871241.0000000003F41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.symcb.com/
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2503329866.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373259320.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375748412.000000000474D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393717459.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410850215.0000000004B7D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373259320.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375748412.000000000474D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393717459.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1388990833.00000000053E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.symcd.com0
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2503329866.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373259320.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375748412.000000000474D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393717459.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410850215.0000000004B7D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.symcd.com06
Source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://trolltech.com/xml/features/report-start-end-entity
Source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharData
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373259320.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375748412.000000000474D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393717459.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410850215.0000000004B7D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004E9A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373259320.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375748412.000000000474D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393717459.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410850215.0000000004B7D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004E9A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373259320.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375748412.000000000474D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393717459.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410850215.0000000004B7D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004E9A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2506359177.000000000076B000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2511470869.0000000001153000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://turbo.net/studio.
Source: SlideshowMaker.exe, 00000009.00000002.2512997144.00000000009DD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://webvisor.com
Source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.FirstSiteGuide.comhttp://www.4thfebruary.com.uaCreative
Source: SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A00000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Digitized
Source: SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0http://www.apache.org/licenses/LICENSE-2.0Open
Source: SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/
Source: SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.ht
Source: SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.html
Source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontfabric.comhttp://www.doublezerocreatives.com
Source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontfabric.comhttp://www.doublezerocreatives.comCopyright
Source: SlideshowMaker.exe, 00000009.00000003.1372843707.0000000000CC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phreedom.org/md5)
Source: SlideshowMaker.exe, 00000009.00000003.1372843707.0000000000CC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phreedom.org/md5)08:27
Source: Movavi Slideshow Maker 4.exe, 00000000.00000003.1270576405.0000000002C3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.w3.or
Source: SlideshowMaker.exe, 00000009.00000002.2521882853.00000000016BE000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521882853.00000000016BE000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll-/qiodevice_seek_file_func()
Source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521882853.00000000016BE000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll1.2.8
Source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces
Source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaceshttp://xml.org/sax/features/namespace-prefixeshttp://trolltech
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/token
Source: SlideshowMaker.exe, 00000009.00000003.1457169383.000000000BD61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.vimeo.com/%1
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.vimeo.com/%1VimeoE:
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.vimeo.com/oauth/access_token
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.vimeo.com/oauth/authorize
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.vimeo.com/oauth/authorizehttps://api.vimeo.com/oauth/access_tokenhttp://127.0.0.1:%1/app
Source: SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.haxx.se/V
Source: SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.haxx.se/docs/copyright.htmlD
Source: SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.sy
Source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.sym
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2503329866.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373259320.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375748412.000000000474D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393717459.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410850215.0000000004B7D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004E9A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
Source: SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373772577.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/r
Source: SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2503329866.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373259320.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375748412.000000000474D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393717459.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410850215.0000000004B7D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0.
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373259320.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375748412.000000000474D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393717459.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1388990833.00000000053E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa06
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?authuser=%1
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?authuser=%1https://www.googleapis.com/drive/v3/%1https://www.googleapis.co
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/open?id=%1
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://i.vimeocdn.com/portrait/%1_300x300
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://i2.wp.com/i.vimeocdn.com/portrait/defaults-green_300x300.png?ssl=1
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://i2.wp.com/i.vimeocdn.com/portrait/defaults-green_300x300.png?ssl=1urihttps://i.vimeocdn.com/
Source: SlideshowMaker.exe, 00000009.00000003.1398102368.0000000004984000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mip2.movavi.com
Source: SlideshowMaker.exe, 00000009.00000003.1410670335.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2512997144.00000000009DD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mip2.movavi.com/get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partn
Source: SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mip2.movavi.com/nagscreen/follow?cont_id=226&app=slideshowcreator&app_ver=4-1-0&lang=it&huid
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2503329866.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373259320.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375748412.000000000474D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393717459.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://movavi.com0/
Source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&s
Source: SlideshowMaker.exe, 00000009.00000002.2512997144.00000000009DD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://portal1.comm100.io;
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2511937457.0000000002C19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://start.turbo.net/
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2514077868.0000000003557000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2511937457.0000000002C19000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1356807073.0000000003557000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://start.turbo.net/services/1.0/activity/vm-18.4.1281.0/run
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2514077868.0000000003557000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1356807073.0000000003557000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://start.turbo.net/services/1.0/activity/vm-18.4.1281.0/run$Uu
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2511937457.0000000002C19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://start.turbo.net/services/1.0/activity/vm-18.4.1281.0/runF
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2514077868.0000000003557000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1356807073.0000000003557000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://start.turbo.net/services/1.0/activity/vm-18.4.1281.0/runsvT#
Source: SlideshowMaker.exe, 00000009.00000003.1457169383.000000000BD61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stats.g.doubleclick.net/j/collecta.U
Source: SlideshowMaker.exe, 00000009.00000003.1457169383.000000000BD61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tagassistant.google.com/
Source: SlideshowMaker.exe, 00000009.00000003.1457169383.000000000BD61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: SlideshowMaker.exe, 00000009.00000003.1457169383.000000000BD61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: SlideshowMaker.exe, 00000009.00000003.1457169383.000000000BD61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.%/ads/ga-audiences
Source: SlideshowMaker.exe, 00000009.00000003.1457169383.000000000BD61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/ads/ga-audiences
Source: SlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/drive
Source: SlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/drive.appdata
Source: SlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/drive.file
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/plus.mehttps://accounts.google.com/o/oauth2/authhttps://accounts.goo
Source: SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/userinfo.profile
Source: SlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/youtube
Source: SlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/youtube.upload
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/drive/v3/%1
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo?alt=json
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo?alt=jsonhttps://www.googleapis.com/youtube/v3/%1https:
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/upload/drive/v3/files?uploadType=resumable
Source: SlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/upload/drive/v3/files?uploadType=resumablew
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/upload/youtube/v3/videos?uploadType=resumable&part=%1
Source: SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373772577.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/upload/youtube/v3/videos?uploadType=resumable&part=%1l
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/youtube/v3/%1
Source: SlideshowMaker.exe, 00000009.00000002.2521155477.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/youtube/v3/%1lly
Source: SlideshowMaker.exe, 00000009.00000003.1457169383.000000000BD61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/channel/%1
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/channel/%1pictureFailed
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/watch?v=%1
Source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/watch?v=%1H
Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownHTTPS traffic detected: 104.26.14.179:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 84.16.252.107:443 -> 192.168.2.7:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 84.16.252.107:443 -> 192.168.2.7:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 84.16.252.107:443 -> 192.168.2.7:49738 version: TLS 1.2
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2506359177.000000000076B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameX.VirtualizationRuntime.dllL vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2508095933.0000000000920000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameStubExe.exeL vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2508095933.0000000000920000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameVm.dllL vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2509935348.0000000000C70000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameStubExe.exeL vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2513570655.00000000030A0000.00000002.00000001.00040000.000000A1.sdmpBinary or memory string: System.OriginalFileName vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000003.1263598521.0000000002C4D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .System.OriginalFileName vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000003.1262932734.0000000002C40000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .System.OriginalFileName vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000003.1268582387.0000000003501000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: System.OriginalFileName vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2515449806.000000001005C000.00000002.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameX.VirtualizationRuntime.dllL vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000003.1263846130.0000000002C4F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .System.OriginalFileName vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2509935348.0000000000F99000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameVm.dllL vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000000.1260065129.00000000004FA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSlideshowMaker.exe, vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000003.1266629942.0000000003044000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <propertyDescription name="System.OriginalFileName" formatID="{0CEF7D53-FA64-11D1-A203-0000F81FEDEE}" propID="6"> vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000003.1262219785.0000000000799000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameX.VirtualizationRuntime.dllL vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000003.1262165775.000000000078C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameX.VirtualizationRuntime.dllL vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal72.evad.winEXE@3/485@4/3
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile created: C:\Users\user\Desktop\DataJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMutant created: \Sessions\1\BaseNamedObjects\Local\__VMX_0x005DB7B3
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeMutant created: \Sessions\1\BaseNamedObjects\Local\__VMX_0x005DA719
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeMutant created: \Sessions\1\BaseNamedObjects\Global\__VMX_0x005DA719
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMutant created: \Sessions\1\BaseNamedObjects\Global\__VMX_0x005DB7B3
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile created: C:\Users\user\AppData\Local\Temp\SPOON\Jump to behavior
Source: Movavi Slideshow Maker 4.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe "C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe"
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeProcess created: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe "C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeProcess created: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe "C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8 Jump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: httpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: httpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: corelocalization.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coreint.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libglog-msvc-14.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_system-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_chrono-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_filesystem-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: confint.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_locale-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: trackerfactory.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: tracker.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coretracker.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: openglswitcherapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5widgets.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5gui.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5core.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5network.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: oglmanager.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: procint.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: settings.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_thread-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_date_time-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: glew32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: opengl32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: glu32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mqtutil.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5multimedia.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: movaviio.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mqtdownloadmanager.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libcurl.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: quazip.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: patentactivator.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: codecpolicycontroller.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: application.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: desktopnotification.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coreapp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5quick.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5qml.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: nagscreen.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: webbrowser.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: resourceutil.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: apputil.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: crashhandler.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: crashsenderwrapper.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: packageinstallermodule.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editorlogic.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5xml.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5xmlpatterns.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: clientapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coremanager.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: codecfactory.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: muxerfactory.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: datahelpers.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ffwrapper.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: avutil.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libgcc_s_dw2-1.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libwinpthread-1.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: swresample.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: avcodec.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: avformat.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: avfilter.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: avresample.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libass.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: swscale.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: parserfactory.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: policies.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: filterfactory.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: effectfactory.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: computingresourcemanager.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: threading.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: asswrapper.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mediatypes.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: demuxers.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: presets.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: streamreader.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: converters.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coretime.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mqtmediautil.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: playercontrol.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: playerengine.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_timer-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: audiorenderersdl.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: sdlmanager.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: sdl.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: videorendereroglqt.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: movaviaudio.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: exivmetadata.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: videoanalyzer.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: concrt140.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: generalmovavitrackerwrapper.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: accelerationtracker.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: cudamanager.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: beatdetection.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: pubsub.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editorserialization.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editormodel.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editorutil.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mqtui.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5winextras.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mqtmediaui.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: graphicsframework.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editingscene.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: graphicsdecoration.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: magnetizetools.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editoreffects.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editortransitions.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: overlayengine.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: graphicssvg.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5svg.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: packageinstaller.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editormodule.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: effectsspecial.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: updatechecker.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: socialprotocol.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editorview.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editoroverlays.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editorimports.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: filmmaker.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wintab32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: generalplugin.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msiso.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libeay32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: movavitracker.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_regex-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: effectsipp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: effects.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: effectsff.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: resize.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: effectsogl.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: effectsstock.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: decodersff.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: encodersff.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: databridge.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d9core.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d11core.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dxva2.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d9.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: encoderlossless.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: bitstreamfilterff.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: decodercuda.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: encodercuda.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: nvapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: nvcuda.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: nvencodeapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: encodernvenc.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: decoderim.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: encoderim.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: imcore.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libmfxhw32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libmfxhw32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libmfxhw32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libmfxhw32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: decodermf.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfwrapper.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfplat.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mf.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfplat.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msdmo.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfcore.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ksuser.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfperfhelper.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: rtworkq.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: comppkgsup.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: windows.media.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: windows.applicationmodel.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: appxdeploymentclient.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msauddecmft.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msacm32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wmadmod.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wmspdmod.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msamrnbdecoder.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfdvdec.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msmpeg2vdec.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfmjpegdec.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mp4sdecd.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mpg4decd.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mp43decd.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wmvsdecd.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wmvdecod.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfaacenc.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wmadmoe.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msac3enc.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfh264enc.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wmvxencd.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: encodermf.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: decoderraw.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: vcomp140.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: filtersff.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: filters.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: filtersogl.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: filtersspeex.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: muxers.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: parsersff.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: charsetrecode.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: parserraw.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: parsersmf.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msimtf.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: jscript9.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Movavi Slideshow Maker 4.exeStatic file information: File size 80474129 > 1048576
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreApp.pdb**! source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ParserFactory.pdb source: SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ComputingResourceManager.pdb source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditingScene.pdb)) source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Policies.pdb""! source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\BeatDetection.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CodecPolicyController.pdb source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PatentActivator.pdb source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OverlayEngine.pdb'' source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreTime.pdb source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375871241.0000000003F41000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtDownloadManager.pdb source: SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373772577.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2520766407.00000000013D9000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Resize.pdb source: SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviAudIO.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Settings.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1373022188.0000000001082000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AccelerationTracker.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CC9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\DesktopNotification.pdb source: SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373772577.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreApp.pdb source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorSerialization.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\SlideshowMaker.pdb<<* source: SlideshowMaker.exe, 00000009.00000002.2504217955.0000000000479000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\work\SDK\glog\0.3.4\lib\Win\msvc-14.0\x86\libglog-msvc-14.pdb source: SlideshowMaker.exe, 00000009.00000002.2510216302.00000000007EE000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerControl.pdb## source: SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Settings.pdb source: SlideshowMaker.exe, 00000009.00000003.1373022188.0000000001082000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vcruntime140.i386.pdbGCTL source: SlideshowMaker.exe, 00000009.00000002.2511227658.0000000000891000.00000020.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ClientAPI.pdb source: SlideshowMaker.exe, 00000009.00000003.1375528089.0000000004419000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviTracker.pdb(( source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000500000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsSvg.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorTransitions.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUtil.pdb source: SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Presets.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AudioRendererSDL.pdb$$! source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\SDK\glog\0.3.4\lib\Win\msvc-14.0\x86\libglog-msvc-14.pdb"" source: SlideshowMaker.exe, 00000009.00000002.2510216302.00000000007EE000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OpenglSwitcherAPI.pdb## source: SlideshowMaker.exe, 00000009.00000002.2516496387.0000000000C5A000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373215076.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorTransitions.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ASSWrapper.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviIO.pdb66 source: SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EffectsSpecial.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtDownloadManager.pdb$$ source: SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373772577.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2520766407.00000000013D9000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x86\VmX.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2506359177.000000000076B000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2515205517.000000001003C000.00000002.10000000.00040000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1262219785.0000000000799000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1262165775.000000000078C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x86\StubExe.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2508095933.0000000000920000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2509935348.0000000000C70000.00000040.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000000.1260047165.0000000000401000.00000020.00000001.01000000.00000003.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x64\StubExe.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2508095933.0000000000920000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2509935348.0000000000C70000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\DataHelpers.pdb source: SlideshowMaker.exe, 00000009.00000003.1375748412.000000000469E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ResourceUtil.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2515646507.0000000000C18000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsSvg.pdb## source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtMediaUi.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EffectFactory.pdb source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\SlideshowMaker.pdb source: SlideshowMaker.exe, 00000009.00000002.2504217955.0000000000479000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUi.pdb source: SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviAudIO.pdb33" source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CodecFactory.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\BeatDetection.pdb&&" source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreTime.pdb source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375871241.0000000003F41000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerControl.pdb source: SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OpenglSwitcherAPI.pdb source: SlideshowMaker.exe, 00000009.00000002.2516496387.0000000000C5A000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373215076.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ComputingResourceManager.pdb"" source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsFramework.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CrashHandler.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\NagScreen.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\UpdateChecker.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AccelerationTracker.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CC9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreInt.pdbJJ$ source: SlideshowMaker.exe, 00000009.00000002.2508176517.00000000006CA000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1355258737.0000000000716000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PatentActivator.pdb$$ source: SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorSerialization.pdb&& source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PackageInstaller.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerEngine.pdb)) source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtMediaUtil.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: concrt140.i386.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OglManager.pdb source: SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreLocalization.pdb!! source: SlideshowMaker.exe, 00000009.00000002.2507314676.0000000000627000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x86\Vm.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2508095933.0000000000920000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2509935348.0000000000C70000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\DesktopNotification.pdb%% source: SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373772577.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorImports.pdb source: SlideshowMaker.exe, 00000009.00000002.2509730262.00000000007A7000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsDecoration.pdb++ source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MediaTypes.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MuxerFactory.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsFramework.pdb%% source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OverlayEngine.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: concrt140.i386.pdbGCTL source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ProcInt.pdb@@! source: SlideshowMaker.exe, 00000009.00000002.2517703919.0000000000EAC000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1372954438.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtMediaUi.pdb"" source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OglManager.pdb88! source: SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Converters.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerEngine.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Resize.pdb source: SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\SocialProtocol.pdb77 source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AppUtil.pdb00 source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ClientAPI.pdb55! source: SlideshowMaker.exe, 00000009.00000003.1375528089.0000000004419000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\FFWrapper.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorOverlays.pdb source: SlideshowMaker.exe, 00000009.00000002.2508762188.000000000073D000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\FilterFactory.pdb source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PackageInstaller.pdb,, source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CrashSenderWrapper.pdb source: SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373772577.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Tracker.pdb source: SlideshowMaker.exe, 00000009.00000002.2512404317.00000000008D5000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditingScene.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Policies.pdb source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\SDLManager.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Demuxers.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MagnetizeTools.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreLocalization.pdb source: SlideshowMaker.exe, 00000009.00000002.2507314676.0000000000627000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Threading.pdb source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsDecoration.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\VideoRendererOGLQt.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\WebBrowser.pdb33' source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUtil.pdbKK! source: SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ProcInt.pdb source: SlideshowMaker.exe, 00000009.00000002.2517703919.0000000000EAC000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1372954438.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\StreamReader.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreManager.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\NagScreen.pdb,, source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\TrackerFactory.pdb source: SlideshowMaker.exe, 00000009.00000002.2514748268.0000000000BD1000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GeneralMovaviTrackerWrapper.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Threading.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AudioRendererSDL.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUi.pdbHH source: SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Converters.pdb source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PackageInstallerModule.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\SocialProtocol.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\WebBrowser.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PubSub.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ASSWrapper.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\VideoRendererOGLQt.pdb## source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vcruntime140.i386.pdb source: SlideshowMaker.exe, 00000009.00000002.2511227658.0000000000891000.00000020.10000000.00040000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviIO.pdb source: SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreInt.pdb source: SlideshowMaker.exe, 00000009.00000002.2508176517.00000000006CA000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1355258737.0000000000716000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MediaTypes.pdb&& source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GeneralMovaviTrackerWrapper.pdb## source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviTracker.pdb source: SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000500000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PubSub.pdb source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Presets.pdb!! source: SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391932278.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.0000000004986000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\FFWrapper.pdb,,! source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MagnetizeTools.pdb%% source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394274414.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AppUtil.pdb source: SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\UpdateChecker.pdb&& source: SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp
Source: SlideshowMaker.exe.0.drStatic PE information: real checksum: 0xdc081 should be: 0xde681
Source: Movavi Slideshow Maker 4.exeStatic PE information: section name: .xcpad
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_698f0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qtiff.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05820000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05850000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_6c460000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorView.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_00e30000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05480000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\FilmMaker.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05cd0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_041c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_00400000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_04220000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_045c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05ca0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avformat.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_06130000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_06240000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_056c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_6aec0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_6a7c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_053a0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_01190000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_65bc0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_040e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avcodec.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Application.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_62c80000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avfilter.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_66980000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_015a0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\libeay32.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05f20000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05750000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_6a400000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05500000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorLogic.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Quick.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_693a0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_6a810000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_65200000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_040c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_042d0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_04570000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_04770000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_04350000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_6b8d0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_044e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05910000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_00bc0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05700000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_00ff0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05d40000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05f50000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05b10000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_69120000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qjpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile created: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_6be00000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorUtil.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_06310000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\ConfInt.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_00db0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_04160000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05790000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_6aa50000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05570000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_01210000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_64000000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_6c8f0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_6a640000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_00650000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\libass.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_00c30000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05640000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_062e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Core.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_6eb40000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05c50000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorModule.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05ec0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_00610000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_6b100000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05c10000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qgif.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_055b0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_008f0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_06350000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\SlideshowMaker.exeJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_004e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\DecoderRAW.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_04520000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_050e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05ae0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_055f0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_050b0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\VideoAnalyzer.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_058f0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_054c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Gui.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Widgets.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\platforms\qwindows.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_00780000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5XmlPatterns.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Filters.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_013d0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Qml.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_00b40000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_00710000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\GeneralPlugin.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_01150000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_01360000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_6cde0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_64b40000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05fb0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_6d270000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorModel.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_6bb50000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_01120000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\CudaManager.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\ExivMetadata.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_04280000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_63180000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05890000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_05670000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\7888_01730000_tls.dllJump to dropped file

Boot Survival

barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeWindow searched: window name: FilemonClass
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeWindow searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeWindow searched: window name: RegmonClass
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeWindow searched: window name: FilemonClass
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeWindow searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 688433AE second address: 688433B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 688433B3 second address: 68842BF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9B02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a or dword ptr [ebp+165E1EC4h], esi 0x00000010 push dword ptr [ebp+165E0921h] 0x00000016 stc 0x00000017 call dword ptr [ebp+165E366Dh] 0x0000001d pushad 0x0000001e cld 0x0000001f xor eax, eax 0x00000021 mov dword ptr [ebp+165E2E33h], eax 0x00000027 pushad 0x00000028 sub si, EF37h 0x0000002d popad 0x0000002e mov edx, dword ptr [esp+28h] 0x00000032 xor dword ptr [ebp+165E2E33h], esi 0x00000038 ja 00007F69B06D9B02h 0x0000003e mov dword ptr [ebp+165E2B26h], eax 0x00000044 jmp 00007F69B06D9B02h 0x00000049 mov esi, 0000003Ch 0x0000004e jmp 00007F69B06D9B09h 0x00000053 add esi, dword ptr [esp+24h] 0x00000057 jns 00007F69B06D9B0Dh 0x0000005d lodsw 0x0000005f pushad 0x00000060 sub dword ptr [ebp+165E2E33h], edi 0x00000066 or dword ptr [ebp+165E1B84h], eax 0x0000006c popad 0x0000006d add eax, dword ptr [esp+24h] 0x00000071 xor dword ptr [ebp+165E2E33h], edx 0x00000077 jmp 00007F69B06D9AFFh 0x0000007c mov ebx, dword ptr [esp+24h] 0x00000080 jl 00007F69B06D9B02h 0x00000086 pushad 0x00000087 mov ax, 44D7h 0x0000008b jo 00007F69B06D9AF6h 0x00000091 popad 0x00000092 cmc 0x00000093 nop 0x00000094 push eax 0x00000095 push edx 0x00000096 push eax 0x00000097 push edx 0x00000098 js 00007F69B06D9AF6h 0x0000009e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68842BF9 second address: 68842BFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68842BFD second address: 68842C03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68842C03 second address: 68842C1F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E520Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jg 00007F69B15E5206h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689B8195 second address: 689B81AC instructions: 0x00000000 rdtsc 0x00000002 jo 00007F69B06D9AF8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007F69B06D9AF8h 0x00000015 push edi 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689B81AC second address: 689B8237 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov si, 0065h 0x0000000d push 00000000h 0x0000000f jno 00007F69B15E520Ch 0x00000015 push CD659EA7h 0x0000001a push eax 0x0000001b jns 00007F69B15E520Ch 0x00000021 pop eax 0x00000022 add dword ptr [esp], 329A61D9h 0x00000029 mov dx, 0B32h 0x0000002d push 00000003h 0x0000002f mov dword ptr [ebp+165E1B30h], edi 0x00000035 push 00000000h 0x00000037 mov dword ptr [ebp+165E3991h], esi 0x0000003d push 00000003h 0x0000003f push 00000000h 0x00000041 push esi 0x00000042 call 00007F69B15E5208h 0x00000047 pop esi 0x00000048 mov dword ptr [esp+04h], esi 0x0000004c add dword ptr [esp+04h], 0000001Dh 0x00000054 inc esi 0x00000055 push esi 0x00000056 ret 0x00000057 pop esi 0x00000058 ret 0x00000059 jc 00007F69B15E5208h 0x0000005f mov esi, ebx 0x00000061 push 7B69AF08h 0x00000066 jo 00007F69B15E5224h 0x0000006c push eax 0x0000006d push edx 0x0000006e jo 00007F69B15E5206h 0x00000074 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689B8325 second address: 689B8397 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov eax, dword ptr [eax] 0x00000008 push edx 0x00000009 jg 00007F69B06D9AF8h 0x0000000f pushad 0x00000010 popad 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 jmp 00007F69B06D9B07h 0x0000001b pop eax 0x0000001c cld 0x0000001d cmc 0x0000001e push 00000003h 0x00000020 or edi, dword ptr [ebp+165E2B1Eh] 0x00000026 push 00000000h 0x00000028 jmp 00007F69B06D9AFEh 0x0000002d push 00000003h 0x0000002f mov dword ptr [ebp+165E195Dh], edx 0x00000035 push D443FDDFh 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d ja 00007F69B06D9AF6h 0x00000043 jmp 00007F69B06D9B03h 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689B8549 second address: 689B8553 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F69B15E5206h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689B8553 second address: 689B856D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69B06D9B06h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689A943E second address: 689A9444 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689A9444 second address: 689A9448 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689D7B43 second address: 689D7B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689D8089 second address: 689D808D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689D8306 second address: 689D830A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689D830A second address: 689D8310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689D8442 second address: 689D8446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689D8446 second address: 689D8469 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F69B06D9AF6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007F69B06D9B03h 0x00000012 jmp 00007F69B06D9AFDh 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689D8469 second address: 689D846D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689D88B0 second address: 689D88C5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jo 00007F69B06D9AF6h 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689CCD71 second address: 689CCD75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689D8D09 second address: 689D8D0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689D8D0D second address: 689D8D11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689D8D11 second address: 689D8D29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F69B06D9AFDh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689D8D29 second address: 689D8D2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689D9961 second address: 689D9966 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689D9966 second address: 689D9986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007F69B15E5218h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689D9986 second address: 689D99AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B06D9B03h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jg 00007F69B06D9B2Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689A5F4D second address: 689A5F52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689A5F52 second address: 689A5F6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F69B06D9AFFh 0x00000008 jg 00007F69B06D9AF6h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E187A second address: 689E1893 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F69B15E520Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E1893 second address: 689E18A2 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F69B06D9AF6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E18A2 second address: 689E18AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jl 00007F69B15E5206h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E19E6 second address: 689E1A0B instructions: 0x00000000 rdtsc 0x00000002 js 00007F69B06D9AFAh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007F69B06D9B27h 0x00000010 pushad 0x00000011 jmp 00007F69B06D9AFEh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E1B72 second address: 689E1B98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F69B15E5211h 0x0000000d jne 00007F69B15E5206h 0x00000013 js 00007F69B15E5206h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E2154 second address: 689E215A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E215A second address: 689E2160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E2160 second address: 689E2166 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E2166 second address: 689E2193 instructions: 0x00000000 rdtsc 0x00000002 js 00007F69B15E5206h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F69B15E5211h 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d push edi 0x0000001e pushad 0x0000001f popad 0x00000020 pop edi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E2193 second address: 689E21B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9B06h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E2881 second address: 689E28AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F69B15E521Dh 0x0000000c jmp 00007F69B15E5215h 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 jc 00007F69B15E5220h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E28AE second address: 689E28D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B06D9B04h 0x00000009 jp 00007F69B06D9B02h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E2A85 second address: 689E2A92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jnc 00007F69B15E5206h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E2A92 second address: 689E2AB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F69B06D9B09h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E30B7 second address: 689E30D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jc 00007F69B15E5206h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 popad 0x00000012 jmp 00007F69B15E520Fh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E367D second address: 689E368D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B06D9AFBh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E368D second address: 689E3692 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E3D21 second address: 689E3D27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E3D27 second address: 689E3D2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E3D2B second address: 689E3D34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E3D34 second address: 689E3D76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F69B15E5218h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F69B15E5218h 0x00000013 jng 00007F69B15E5206h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E3F1B second address: 689E3F1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E4389 second address: 689E438F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E9643 second address: 689E9655 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007F69B06D9AF6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E9655 second address: 689E966D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E5214h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E966D second address: 689E96B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9AFDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e pushad 0x0000000f push esi 0x00000010 pop esi 0x00000011 jnc 00007F69B06D9AF6h 0x00000017 popad 0x00000018 jmp 00007F69B06D9B04h 0x0000001d popad 0x0000001e mov eax, dword ptr [eax] 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 jns 00007F69B06D9AF6h 0x00000029 push edx 0x0000002a pop edx 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E84EF second address: 689E84F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E84F4 second address: 689E84F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689E84F9 second address: 689E84FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689AAEEB second address: 689AAEEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689AAEEF second address: 689AAEFC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689AAEFC second address: 689AAF04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689ED8D2 second address: 689ED8D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689EDA56 second address: 689EDA72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69B06D9B02h 0x00000009 jnl 00007F69B06D9AF6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689EDBEA second address: 689EDBF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689EE05A second address: 689EE06F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F69B06D9AFEh 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689EE06F second address: 689EE086 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F69B15E5206h 0x0000000a jmp 00007F69B15E520Dh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689EE086 second address: 689EE08A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689EE08A second address: 689EE09F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007F69B15E5206h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689EE09F second address: 689EE0C8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F69B06D9AFAh 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pushad 0x00000014 jg 00007F69B06D9AF6h 0x0000001a jno 00007F69B06D9AF6h 0x00000020 pushad 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689EE220 second address: 689EE224 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689EE224 second address: 689EE23C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9B04h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689EE23C second address: 689EE256 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69B15E5216h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F1602 second address: 689F161F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jbe 00007F69B06D9AFCh 0x0000000b jo 00007F69B06D9AF6h 0x00000011 popad 0x00000012 push eax 0x00000013 jnp 00007F69B06D9B00h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F161F second address: 689F169D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jng 00007F69B15E5214h 0x00000010 pushad 0x00000011 jbe 00007F69B15E5206h 0x00000017 je 00007F69B15E5206h 0x0000001d popad 0x0000001e mov eax, dword ptr [eax] 0x00000020 jmp 00007F69B15E520Fh 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 jmp 00007F69B15E5210h 0x0000002e pop eax 0x0000002f push 00000000h 0x00000031 push edx 0x00000032 call 00007F69B15E5208h 0x00000037 pop edx 0x00000038 mov dword ptr [esp+04h], edx 0x0000003c add dword ptr [esp+04h], 0000001Dh 0x00000044 inc edx 0x00000045 push edx 0x00000046 ret 0x00000047 pop edx 0x00000048 ret 0x00000049 push 4E2C84C8h 0x0000004e push eax 0x0000004f push edx 0x00000050 jmp 00007F69B15E520Eh 0x00000055 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F17AA second address: 689F17AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F17AE second address: 689F17B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F17B4 second address: 689F17BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F69B06D9AF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F17BE second address: 689F17E2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F69B15E5219h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F2443 second address: 689F2460 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69B06D9B09h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F25E0 second address: 689F25EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F69B15E5206h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F2744 second address: 689F2749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F3620 second address: 689F3624 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F3624 second address: 689F369D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F69B06D9AF8h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 xor si, 0ED5h 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push ebp 0x0000002e call 00007F69B06D9AF8h 0x00000033 pop ebp 0x00000034 mov dword ptr [esp+04h], ebp 0x00000038 add dword ptr [esp+04h], 0000001Dh 0x00000040 inc ebp 0x00000041 push ebp 0x00000042 ret 0x00000043 pop ebp 0x00000044 ret 0x00000045 add dword ptr [ebp+165E1F7Fh], ecx 0x0000004b push 00000000h 0x0000004d mov edi, 299F096Dh 0x00000052 mov edi, dword ptr [ebp+165E1BFCh] 0x00000058 xchg eax, ebx 0x00000059 jno 00007F69B06D9AFCh 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 popad 0x00000066 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F369D second address: 689F36B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E5217h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F4638 second address: 689F4641 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F51D9 second address: 689F51F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69B15E5213h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F5296 second address: 689F529B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F8CA0 second address: 689F8CAA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F8CAA second address: 689F8CAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F9677 second address: 689F968B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69B15E5210h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689FB8D9 second address: 689FB8DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689FB8DD second address: 689FB8E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689FBE2E second address: 689FBE3E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9AFCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689FBE3E second address: 689FBE77 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F69B15E521Ah 0x00000008 jmp 00007F69B15E5214h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jnc 00007F69B15E5218h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689FCFD8 second address: 689FCFEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 jng 00007F69B06D9AFEh 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689FDEF9 second address: 689FDEFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689FDEFD second address: 689FDF44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov dword ptr [ebp+165E1952h], ecx 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push esi 0x00000015 call 00007F69B06D9AF8h 0x0000001a pop esi 0x0000001b mov dword ptr [esp+04h], esi 0x0000001f add dword ptr [esp+04h], 0000001Dh 0x00000027 inc esi 0x00000028 push esi 0x00000029 ret 0x0000002a pop esi 0x0000002b ret 0x0000002c push 00000000h 0x0000002e sbb bh, FFFFFFA7h 0x00000031 and bx, 304Dh 0x00000036 push eax 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689FDF44 second address: 689FDF48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A00E19 second address: 68A00E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A00E1D second address: 68A00E22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A01ECA second address: 68A01ECE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A01ECE second address: 68A01F2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ebx 0x0000000a popad 0x0000000b nop 0x0000000c jno 00007F69B15E520Ch 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F69B15E5208h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 00000017h 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e push 00000000h 0x00000030 add dword ptr [ebp+165E200Eh], esi 0x00000036 mov edi, dword ptr [ebp+165E192Eh] 0x0000003c xchg eax, esi 0x0000003d jmp 00007F69B15E5212h 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 push ebx 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A01F2E second address: 68A01F33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A03D09 second address: 68A03D58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E520Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F69B15E5208h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 sub ebx, 05168331h 0x0000002c push 00000000h 0x0000002e mov edi, dword ptr [ebp+165E2BB2h] 0x00000034 and edi, dword ptr [ebp+165E2FE5h] 0x0000003a push 00000000h 0x0000003c adc bx, DF4Fh 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 push ebx 0x00000047 pop ebx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A03D58 second address: 68A03D66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9AFAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A05CEA second address: 68A05CF4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F69B15E5206h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A05CF4 second address: 68A05CFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A05CFB second address: 68A05D09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A08AD9 second address: 68A08B45 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F69B06D9AF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F69B06D9AFFh 0x0000000f popad 0x00000010 nop 0x00000011 jp 00007F69B06D9AF7h 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push ebx 0x0000001c call 00007F69B06D9AF8h 0x00000021 pop ebx 0x00000022 mov dword ptr [esp+04h], ebx 0x00000026 add dword ptr [esp+04h], 0000001Dh 0x0000002e inc ebx 0x0000002f push ebx 0x00000030 ret 0x00000031 pop ebx 0x00000032 ret 0x00000033 mov di, 8CFBh 0x00000037 mov dword ptr [ebp+165E19ABh], ebx 0x0000003d push 00000000h 0x0000003f jmp 00007F69B06D9AFAh 0x00000044 mov edi, dword ptr [ebp+165E2B0Eh] 0x0000004a xchg eax, esi 0x0000004b push eax 0x0000004c push edx 0x0000004d push esi 0x0000004e pushad 0x0000004f popad 0x00000050 pop esi 0x00000051 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A08B45 second address: 68A08B4A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A08B4A second address: 68A08B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F69B06D9B07h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A0A9E3 second address: 68A0A9E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A0A9E7 second address: 68A0A9FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69B06D9B00h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A0A9FB second address: 68A0A9FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A0A9FF second address: 68A0AA94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007F69B06D9AF8h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 adc edi, 2D948A29h 0x00000029 xor bh, 00000012h 0x0000002c push esi 0x0000002d and di, 0006h 0x00000032 pop ebx 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ecx 0x00000038 call 00007F69B06D9AF8h 0x0000003d pop ecx 0x0000003e mov dword ptr [esp+04h], ecx 0x00000042 add dword ptr [esp+04h], 0000001Ch 0x0000004a inc ecx 0x0000004b push ecx 0x0000004c ret 0x0000004d pop ecx 0x0000004e ret 0x0000004f mov edi, dword ptr [ebp+165E2C06h] 0x00000055 push 00000000h 0x00000057 push eax 0x00000058 jo 00007F69B06D9AFCh 0x0000005e mov dword ptr [ebp+165E1D20h], esi 0x00000064 pop ebx 0x00000065 xchg eax, esi 0x00000066 push eax 0x00000067 push edx 0x00000068 jmp 00007F69B06D9B08h 0x0000006d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A12CEE second address: 68A12CF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A1432A second address: 68A1432F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A189BE second address: 68A189C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A189C3 second address: 68A189CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F69B06D9AF6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A18A9A second address: 68A18A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A18A9F second address: 68A18AA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6899F1F7 second address: 6899F20A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B15E520Dh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A1E3EA second address: 68A1E3F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A1E557 second address: 68A1E574 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B15E5212h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A1E574 second address: 68A1E578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A1E578 second address: 68A1E57C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A1E997 second address: 68A1E99B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A1E99B second address: 68A1E9A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A1E9A5 second address: 68A1E9A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A1E9A9 second address: 68A1E9B3 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F69B15E5206h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A1E9B3 second address: 68A1E9BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A1E9BF second address: 68A1E9C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A1ECD3 second address: 68A1ECD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A228BC second address: 68A228C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A228C0 second address: 68A228D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F69B06D9AFFh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A228D5 second address: 68A228DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A228DB second address: 68A228E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A228E1 second address: 68A228E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F000A second address: 689F000F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F0101 second address: 689F0126 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F69B15E520Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F69B15E5212h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F0434 second address: 689F043E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F69B06D9AF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F043E second address: 68842BF9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dx, 2DB2h 0x0000000f push dword ptr [ebp+165E0921h] 0x00000015 mov dx, bx 0x00000018 call dword ptr [ebp+165E366Dh] 0x0000001e pushad 0x0000001f cld 0x00000020 xor eax, eax 0x00000022 mov dword ptr [ebp+165E2E33h], eax 0x00000028 pushad 0x00000029 sub si, EF37h 0x0000002e popad 0x0000002f mov edx, dword ptr [esp+28h] 0x00000033 xor dword ptr [ebp+165E2E33h], esi 0x00000039 ja 00007F69B15E5212h 0x0000003f mov dword ptr [ebp+165E2B26h], eax 0x00000045 jmp 00007F69B15E5212h 0x0000004a mov esi, 0000003Ch 0x0000004f jmp 00007F69B15E5219h 0x00000054 add esi, dword ptr [esp+24h] 0x00000058 jns 00007F69B15E521Dh 0x0000005e lodsw 0x00000060 pushad 0x00000061 sub dword ptr [ebp+165E2E33h], edi 0x00000067 or dword ptr [ebp+165E1B84h], eax 0x0000006d popad 0x0000006e add eax, dword ptr [esp+24h] 0x00000072 xor dword ptr [ebp+165E2E33h], edx 0x00000078 jmp 00007F69B15E520Fh 0x0000007d mov ebx, dword ptr [esp+24h] 0x00000081 jl 00007F69B15E5212h 0x00000087 cmc 0x00000088 nop 0x00000089 push eax 0x0000008a push edx 0x0000008b push eax 0x0000008c push edx 0x0000008d js 00007F69B15E5206h 0x00000093 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F04DE second address: 689F04E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F04E2 second address: 689F0518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F69B15E5208h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f mov eax, dword ptr [eax] 0x00000011 jmp 00007F69B15E5217h 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jc 00007F69B15E5208h 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F0518 second address: 689F051E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F051E second address: 689F05B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F69B15E5208h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 call 00007F69B15E5209h 0x00000028 je 00007F69B15E5210h 0x0000002e pushad 0x0000002f js 00007F69B15E5206h 0x00000035 push edi 0x00000036 pop edi 0x00000037 popad 0x00000038 push eax 0x00000039 jmp 00007F69B15E5211h 0x0000003e mov eax, dword ptr [esp+04h] 0x00000042 jl 00007F69B15E5227h 0x00000048 pushad 0x00000049 jmp 00007F69B15E5212h 0x0000004e jmp 00007F69B15E520Dh 0x00000053 popad 0x00000054 mov eax, dword ptr [eax] 0x00000056 push ebx 0x00000057 jo 00007F69B15E5208h 0x0000005d pushad 0x0000005e popad 0x0000005f pop ebx 0x00000060 mov dword ptr [esp+04h], eax 0x00000064 push eax 0x00000065 push edx 0x00000066 push esi 0x00000067 push edi 0x00000068 pop edi 0x00000069 pop esi 0x0000006a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F05B1 second address: 689F05B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F06CC second address: 689F06D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F06D0 second address: 689F06F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F69B06D9B03h 0x0000000b popad 0x0000000c push eax 0x0000000d js 00007F69B06D9B10h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F07E0 second address: 689F07FB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edi 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 push ecx 0x00000011 jp 00007F69B15E5206h 0x00000017 pop ecx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F0954 second address: 689F095E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F69B06D9AFCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F095E second address: 689F0974 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F69B15E520Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F0974 second address: 689F0978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F0A9F second address: 689F0AA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F0AA6 second address: 689F0B1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F69B06D9AF8h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 add dword ptr [ebp+165E19ABh], edi 0x00000029 push 00000004h 0x0000002b push 00000000h 0x0000002d push edi 0x0000002e call 00007F69B06D9AF8h 0x00000033 pop edi 0x00000034 mov dword ptr [esp+04h], edi 0x00000038 add dword ptr [esp+04h], 00000015h 0x00000040 inc edi 0x00000041 push edi 0x00000042 ret 0x00000043 pop edi 0x00000044 ret 0x00000045 jmp 00007F69B06D9B05h 0x0000004a nop 0x0000004b jmp 00007F69B06D9AFCh 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 push ecx 0x00000054 jnp 00007F69B06D9AF6h 0x0000005a pop ecx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F1268 second address: 689F126E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F126E second address: 689F1272 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F1272 second address: 689F128F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F69B15E5212h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689CD963 second address: 689CD97B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9AFCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007F69B06D9AFCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A22E29 second address: 68A22E2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A22E2D second address: 68A22E37 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F69B06D9AF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A22E37 second address: 68A22E72 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F69B15E5206h 0x00000009 pushad 0x0000000a popad 0x0000000b jl 00007F69B15E5206h 0x00000011 popad 0x00000012 jne 00007F69B15E5222h 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A23010 second address: 68A2301B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F69B06D9AF6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2301B second address: 68A23037 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F69B15E520Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A23037 second address: 68A2303B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2303B second address: 68A2305B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F69B15E5217h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2305B second address: 68A23060 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A23060 second address: 68A23081 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69B15E520Ah 0x00000009 jmp 00007F69B15E5213h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A23081 second address: 68A23085 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A234BC second address: 68A234C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A234C0 second address: 68A234C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A234C6 second address: 68A234E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F69B15E520Ah 0x0000000e jng 00007F69B15E520Eh 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A234E3 second address: 68A234E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2900A second address: 68A29016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A29016 second address: 68A29039 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69B06D9B00h 0x00000009 jmp 00007F69B06D9AFFh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A29039 second address: 68A2905B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F69B15E5206h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F69B15E5211h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A29325 second address: 68A29341 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F69B06D9B02h 0x00000008 ja 00007F69B06D9AF6h 0x0000000e jbe 00007F69B06D9AF6h 0x00000014 jc 00007F69B06D9B08h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A28D53 second address: 68A28D5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F69B15E5206h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A28D5F second address: 68A28D71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jnc 00007F69B06D9AF6h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A29A6F second address: 68A29A83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edx 0x00000006 jmp 00007F69B15E520Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A29A83 second address: 68A29A8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2A039 second address: 68A2A055 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E5212h 0x00000007 js 00007F69B15E520Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2FF0C second address: 68A2FF10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2FF10 second address: 68A2FF2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F69B15E5206h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jmp 00007F69B15E5210h 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2FF2E second address: 68A2FF34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2FF34 second address: 68A2FF38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2FF38 second address: 68A2FF42 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F69B06D9AF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2FF42 second address: 68A2FF4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2FF4B second address: 68A2FF79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F69B06D9AF6h 0x0000000c jmp 00007F69B06D9AFBh 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pushad 0x00000018 popad 0x00000019 pop ecx 0x0000001a jno 00007F69B06D9AFEh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2EAD3 second address: 68A2EAD8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2EE64 second address: 68A2EE68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2F278 second address: 68A2F2A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E520Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d jmp 00007F69B15E520Bh 0x00000012 push eax 0x00000013 push edx 0x00000014 je 00007F69B15E5206h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2F549 second address: 68A2F573 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9B09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F69B06D9AF8h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2F573 second address: 68A2F579 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2F579 second address: 68A2F581 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2FD7F second address: 68A2FD85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2FD85 second address: 68A2FD89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2FD89 second address: 68A2FD8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2FD8D second address: 68A2FDB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F69B06D9B05h 0x00000010 jbe 00007F69B06D9AF6h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A2FDB8 second address: 68A2FDC2 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F69B15E5206h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A39CDC second address: 68A39CE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A39CE2 second address: 68A39CE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A39CE6 second address: 68A39CEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A39CEC second address: 68A39D04 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F69B15E520Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edi 0x0000000e pop edi 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A39D04 second address: 68A39D0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A39D0D second address: 68A39D13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A39701 second address: 68A39706 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A46984 second address: 68A46988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A46988 second address: 68A469A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F69B06D9B06h 0x0000000c jmp 00007F69B06D9B00h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A4529A second address: 68A452A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A4558D second address: 68A45597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F69B06D9AF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A45597 second address: 68A455A3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A455A3 second address: 68A455B1 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F69B06D9AF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A455B1 second address: 68A455BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F69B15E5206h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A455BB second address: 68A455DD instructions: 0x00000000 rdtsc 0x00000002 jo 00007F69B06D9AF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F69B06D9B01h 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A45734 second address: 68A4574D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E520Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007F69B15E5208h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A4574D second address: 68A45752 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A459E1 second address: 68A459E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A459E5 second address: 68A459F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 689F0D1C second address: 689F0D70 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E5214h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a add edx, 735726AFh 0x00000010 mov ebx, dword ptr [ebp+16790D0Fh] 0x00000016 and edx, 217AE1CAh 0x0000001c add eax, ebx 0x0000001e push 00000000h 0x00000020 push ebp 0x00000021 call 00007F69B15E5208h 0x00000026 pop ebp 0x00000027 mov dword ptr [esp+04h], ebp 0x0000002b add dword ptr [esp+04h], 00000014h 0x00000033 inc ebp 0x00000034 push ebp 0x00000035 ret 0x00000036 pop ebp 0x00000037 ret 0x00000038 sub dword ptr [ebp+165E19DBh], edi 0x0000003e push eax 0x0000003f pushad 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A466FC second address: 68A46710 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9AFEh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A48129 second address: 68A4812D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A4CC3F second address: 68A4CC5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F69B06D9AFFh 0x0000000e jg 00007F69B06D9AF6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A4CC5D second address: 68A4CC7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E5212h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007F69B15E520Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A4CC7B second address: 68A4CC9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F69B06D9B09h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A4CF1A second address: 68A4CF25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A4CF25 second address: 68A4CF3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F69B06D9B01h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A4CF3C second address: 68A4CF5A instructions: 0x00000000 rdtsc 0x00000002 jo 00007F69B15E5219h 0x00000008 jmp 00007F69B15E5211h 0x0000000d push esi 0x0000000e pop esi 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A52D18 second address: 68A52D1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A52D1E second address: 68A52D31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F69B15E5210h 0x0000000e push esi 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A52E6C second address: 68A52E72 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A52E72 second address: 68A52E78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A52E78 second address: 68A52E7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A52FC2 second address: 68A52FCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A52FCD second address: 68A53000 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jng 00007F69B06D9AF6h 0x00000010 jmp 00007F69B06D9B01h 0x00000015 jmp 00007F69B06D9AFBh 0x0000001a jns 00007F69B06D9AF6h 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A5389D second address: 68A538A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A538A3 second address: 68A538A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A54156 second address: 68A5415E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A5415E second address: 68A54162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A54162 second address: 68A5416C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A5416C second address: 68A54170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A549DA second address: 68A549DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A549DE second address: 68A549F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9B01h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A5B9B7 second address: 68A5B9BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A5FDEE second address: 68A5FDF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A5EF38 second address: 68A5EF3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A5F1FC second address: 68A5F202 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A5F202 second address: 68A5F20B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A5F20B second address: 68A5F210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A5F210 second address: 68A5F235 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F69B15E520Ah 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F69B15E5213h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A5F235 second address: 68A5F23C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A5F37B second address: 68A5F392 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E5213h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A5F534 second address: 68A5F53D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A67E08 second address: 68A67E19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F69B15E5206h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A67E19 second address: 68A67E48 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F69B06D9AF6h 0x00000008 je 00007F69B06D9AF6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 jmp 00007F69B06D9B08h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A67E48 second address: 68A67E4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A67E4C second address: 68A67E55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A67E55 second address: 68A67E5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A67E5A second address: 68A67E60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A67E60 second address: 68A67E66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A66516 second address: 68A6651A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A6651A second address: 68A66530 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F69B15E5206h 0x00000008 jg 00007F69B15E5206h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A66694 second address: 68A6669E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F69B06D9AF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A6669E second address: 68A666A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A666A4 second address: 68A666DC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F69B06D9B08h 0x00000008 jmp 00007F69B06D9B02h 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 ja 00007F69B06D9AF6h 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A66A03 second address: 68A66A07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A66A07 second address: 68A66A0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A66A0D second address: 68A66A12 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A65AF5 second address: 68A65B1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F69B06D9B08h 0x0000000a pushad 0x0000000b jc 00007F69B06D9AF6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A65B1B second address: 68A65B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F69B15E5206h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A65B27 second address: 68A65B38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007F69B06D9AF6h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A65B38 second address: 68A65B5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E5214h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007F69B15E5206h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A65B5A second address: 68A65B7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F69B06D9B04h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jne 00007F69B06D9AF6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A65B7E second address: 68A65B82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A65B82 second address: 68A65B88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A7A370 second address: 68A7A37C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A7A37C second address: 68A7A38C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A7A38C second address: 68A7A392 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A7A392 second address: 68A7A396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A7934F second address: 68A7935C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F69B15E5206h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A7967E second address: 68A79682 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A79682 second address: 68A79686 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A7996B second address: 68A79971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A79C2A second address: 68A79C58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E520Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F69B15E5217h 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A79C58 second address: 68A79C5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A7B9FB second address: 68A7BA01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A7FAFE second address: 68A7FB03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A7FB03 second address: 68A7FB0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F69B15E5206h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A7FB0D second address: 68A7FB11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A7F59D second address: 68A7F5AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B15E520Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A84793 second address: 68A847C2 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F69B06D9AF6h 0x00000008 js 00007F69B06D9AF6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jl 00007F69B06D9AF6h 0x00000017 jmp 00007F69B06D9B05h 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A83448 second address: 68A83451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A83451 second address: 68A8349A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9B00h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F69B06D9B04h 0x00000010 pushad 0x00000011 jbe 00007F69B06D9AF6h 0x00000017 jmp 00007F69B06D9B06h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A83613 second address: 68A83617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A8376A second address: 68A83770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A83770 second address: 68A83775 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A83775 second address: 68A8378C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F69B06D9AFCh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A8378C second address: 68A837AB instructions: 0x00000000 rdtsc 0x00000002 jo 00007F69B15E5206h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jne 00007F69B15E5206h 0x00000017 jo 00007F69B15E5206h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A837AB second address: 68A837B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A837B0 second address: 68A837BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F69B15E5206h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A837BA second address: 68A837D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F69B06D9AFBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c jnc 00007F69B06D9AF6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AB8017 second address: 68AB8021 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F69B15E5206h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AB8021 second address: 68AB802B instructions: 0x00000000 rdtsc 0x00000002 jl 00007F69B06D9B02h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AB802B second address: 68AB8039 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F69B15E5206h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AB8039 second address: 68AB803F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AB803F second address: 68AB8043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AB92B2 second address: 68AB92D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F69B06D9AF6h 0x0000000a pop edi 0x0000000b jmp 00007F69B06D9B08h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AB92D5 second address: 68AB92DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AB92DA second address: 68AB9314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F69B06D9AF6h 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push edi 0x00000016 pushad 0x00000017 jg 00007F69B06D9AF6h 0x0000001d jmp 00007F69B06D9B06h 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AB9314 second address: 68AB9318 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A89121 second address: 68A89125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A89125 second address: 68A8912F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F69B15E5206h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A8912F second address: 68A89135 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AB9BA5 second address: 68AB9BA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68ABEA50 second address: 68ABEA99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F69B06D9AFAh 0x0000000b popad 0x0000000c push ebx 0x0000000d jmp 00007F69B06D9B09h 0x00000012 jns 00007F69B06D9AF6h 0x00000018 pop ebx 0x00000019 pop edi 0x0000001a push ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F69B06D9B03h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68ADAAD6 second address: 68ADAAF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jo 00007F69B15E520Ch 0x0000000b js 00007F69B15E5206h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F69B15E520Bh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68ADAAF6 second address: 68ADAAFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AE53AA second address: 68AE53CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B15E5211h 0x00000009 popad 0x0000000a jg 00007F69B15E520Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AEAE7D second address: 68AEAE93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop ecx 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e jp 00007F69B06D9AF6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AEAE93 second address: 68AEAE9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AEAE9B second address: 68AEAEAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007F69B06D9AF6h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AEB006 second address: 68AEB00A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AEB121 second address: 68AEB127 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AEB127 second address: 68AEB12D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AEB12D second address: 68AEB133 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AEB133 second address: 68AEB137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AEBBA7 second address: 68AEBBBF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9B01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AEBBBF second address: 68AEBBC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AEC34D second address: 68AEC359 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F69B06D9AF6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AEC359 second address: 68AEC35D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AEC4C3 second address: 68AEC4EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B06D9AFEh 0x00000009 jmp 00007F69B06D9B05h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B03148 second address: 68B03152 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F69B15E5206h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B03152 second address: 68B03158 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B03241 second address: 68B03257 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F69B15E520Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B03257 second address: 68B0325B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B25971 second address: 68B2597D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jbe 00007F69B15E5206h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B2597D second address: 68B2599C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F69B06D9AF6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F69B06D9AFAh 0x00000012 jo 00007F69B06D9AFCh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B25211 second address: 68B25216 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68842F8B second address: 68842F99 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F69B06D9AF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68842F99 second address: 68842F9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B3E6F9 second address: 68B3E728 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B06D9B09h 0x00000009 jmp 00007F69B06D9B01h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B3E728 second address: 68B3E76C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E5212h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jnl 00007F69B15E5212h 0x00000010 push eax 0x00000011 push edx 0x00000012 jns 00007F69B15E5206h 0x00000018 jmp 00007F69B15E5213h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B3E88C second address: 68B3E892 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B3E892 second address: 68B3E89E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F69B15E5206h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B3E89E second address: 68B3E8A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F69B06D9AF6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B3E8A9 second address: 68B3E8C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 je 00007F69B15E5206h 0x0000000e pop ebx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B3E8C0 second address: 68B3E8C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B3E8C4 second address: 68B3E8C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B3E8C8 second address: 68B3E8D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B3E8D0 second address: 68B3E8D5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B3ECA4 second address: 68B3ECA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B3ECA8 second address: 68B3ECAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B424F3 second address: 68B424FD instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F69B06D9B02h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B424FD second address: 68B4250E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F69B15E5206h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B4250E second address: 68B42512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B42809 second address: 68B4282F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E520Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F69B15E5215h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B4282F second address: 68B42835 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B429DB second address: 68B429E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B42B3C second address: 68B42B50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B06D9B00h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B42B50 second address: 68B42B66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E520Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jno 00007F69B15E5208h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B42CF2 second address: 68B42D10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B06D9AFBh 0x00000009 pop edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jng 00007F69B06D9AF6h 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B42D10 second address: 68B42D15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B42D15 second address: 68B42D32 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F69B06D9B08h 0x00000008 jmp 00007F69B06D9B02h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B42D32 second address: 68B42D4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B15E5217h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B42E67 second address: 68B42E6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B42E6B second address: 68B42E77 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F69B15E5206h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B42E77 second address: 68B42E86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F69B06D9AFAh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B42E86 second address: 68B42E93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jc 00007F69B15E5223h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B47F10 second address: 68B47F14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B4BB47 second address: 68B4BB51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F69B15E5206h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B4F033 second address: 68B4F044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jmp 00007F69B06D9AFBh 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BB1AA5 second address: 68BB1AA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BB1AA9 second address: 68BB1AAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BB1AAF second address: 68BB1AB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F69B15E5206h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BB53E4 second address: 68BB540B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F69B06D9B02h 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 jnc 00007F69B06D9AF6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BC269A second address: 68BC26A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BC26A5 second address: 68BC26F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 pushad 0x00000007 jmp 00007F69B06D9B06h 0x0000000c jmp 00007F69B06D9B09h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F69B06D9B05h 0x00000018 jnc 00007F69B06D9AF6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BC26F8 second address: 68BC2704 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BC6AA5 second address: 68BC6ABD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9B02h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BC6ABD second address: 68BC6AC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BEA457 second address: 68BEA45B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF152E second address: 68BF1537 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF1537 second address: 68BF153B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF1687 second address: 68BF169F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69B15E5214h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF1836 second address: 68BF184E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B06D9B03h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF184E second address: 68BF1879 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E520Bh 0x00000007 push ebx 0x00000008 jmp 00007F69B15E5213h 0x0000000d pop ebx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF1879 second address: 68BF187D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF2340 second address: 68BF2350 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F69B15E520Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF2350 second address: 68BF2367 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F69B06D9AFFh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF2367 second address: 68BF239C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007F69B15E522Fh 0x00000010 push edi 0x00000011 jbe 00007F69B15E5206h 0x00000017 jmp 00007F69B15E5215h 0x0000001c pop edi 0x0000001d js 00007F69B15E520Ch 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF2EE0 second address: 68BF2EE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF2EE4 second address: 68BF2EEE instructions: 0x00000000 rdtsc 0x00000002 jo 00007F69B15E5206h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF2EEE second address: 68BF2F11 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F69B06D9B05h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F69B06D9AFDh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jo 00007F69B06D9B02h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF2F11 second address: 68BF2F1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F69B15E5206h 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF2F1F second address: 68BF2F25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF3201 second address: 68BF3205 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF3205 second address: 68BF3209 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68BF3209 second address: 68BF320F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0B41C second address: 68B0B420 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0B420 second address: 68B0B434 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E520Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0B434 second address: 68B0B456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F69B06D9AF6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F69B06D9B03h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0B456 second address: 68B0B45A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0A522 second address: 68B0A528 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0A528 second address: 68B0A52D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B2090A second address: 68B2090E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B2090E second address: 68B20914 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B20914 second address: 68B2092F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F69B06D9B02h 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B2092F second address: 68B20935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B20935 second address: 68B20945 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F69B06D9AF8h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B1F90C second address: 68B1F93E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F69B15E5215h 0x0000000d jmp 00007F69B15E5215h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AC7300 second address: 68AC7318 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B06D9B03h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68AC7318 second address: 68AC731E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B1FBB3 second address: 68B1FC02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9B06h 0x00000007 jno 00007F69B06D9AFCh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 pushad 0x00000011 push esi 0x00000012 pop esi 0x00000013 jbe 00007F69B06D9AF6h 0x00000019 jmp 00007F69B06D9AFFh 0x0000001e popad 0x0000001f pushad 0x00000020 jno 00007F69B06D9AF6h 0x00000026 jl 00007F69B06D9AF6h 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0A79C second address: 68B0A7A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0A7A1 second address: 68B0A7B7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F69B06D9AFEh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jns 00007F69B06D9AF6h 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push esi 0x00000015 pop esi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0B28D second address: 68B0B291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0B291 second address: 68B0B2D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9B06h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F69B06D9B09h 0x00000010 jmp 00007F69B06D9AFAh 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0B2D4 second address: 68B0B2D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B153F0 second address: 68B153F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B153F4 second address: 68B15401 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B15401 second address: 68B15419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B06D9AFFh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B15419 second address: 68B1541F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B146D3 second address: 68B146E7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F69B06D9AFAh 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B146E7 second address: 68B146EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B216FA second address: 68B21700 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B21700 second address: 68B21711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F69B15E5206h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B21711 second address: 68B21715 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B21715 second address: 68B2171E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B2171E second address: 68B21723 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B14B40 second address: 68B14B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B14B44 second address: 68B14B5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B06D9B07h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68ACEE2F second address: 68ACEE35 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68ACEE35 second address: 68ACEE3E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68ACEB38 second address: 68ACEB4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F69B15E5210h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68ACEB4E second address: 68ACEB71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 jnl 00007F69B06D9AF6h 0x0000000b pop eax 0x0000000c jmp 00007F69B06D9AFCh 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68ACEB71 second address: 68ACEB80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B15E520Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68ACEB80 second address: 68ACEB84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B14CD8 second address: 68B14CDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B14E2A second address: 68B14E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B14E2E second address: 68B14E3D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007F69B15E5206h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B14E3D second address: 68B14E43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B1526F second address: 68B152A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F69B15E5219h 0x0000000b jmp 00007F69B15E5213h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0A922 second address: 68B0A928 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0A928 second address: 68B0A947 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push edi 0x0000000b pop edi 0x0000000c jmp 00007F69B15E520Fh 0x00000011 pop ebx 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0A947 second address: 68B0A94E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0A94E second address: 68B0A953 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0AF0B second address: 68B0AF0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0AF0F second address: 68B0AF3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B15E5210h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F69B15E5216h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B0AF3B second address: 68B0AF40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C03B39 second address: 68C03B79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F69B15E5211h 0x0000000b popad 0x0000000c jmp 00007F69B15E5219h 0x00000011 push edx 0x00000012 jmp 00007F69B15E520Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C03CB1 second address: 68C03CB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C03CB5 second address: 68C03CD2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E5217h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C03F52 second address: 68C03F92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F69B06D9AF6h 0x0000000a popad 0x0000000b js 00007F69B06D9B09h 0x00000011 jmp 00007F69B06D9B03h 0x00000016 pop ecx 0x00000017 push esi 0x00000018 jmp 00007F69B06D9B06h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C03F92 second address: 68C03F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C044A8 second address: 68C044BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B06D9B01h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C044BD second address: 68C044C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C044C1 second address: 68C044C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C0461F second address: 68C04638 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69B15E5215h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A6B537 second address: 68A6B53B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A6B53B second address: 68A6B53F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A6B53F second address: 68A6B54B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B11765 second address: 68B117A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E5214h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007F69B15E520Ch 0x0000000f jmp 00007F69B15E5215h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B117A1 second address: 68B117A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B117A7 second address: 68B117AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B117AD second address: 68B117B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B117B3 second address: 68B117C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B117C0 second address: 68B117C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B117C4 second address: 68B117E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B15E5212h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jno 00007F69B15E5206h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B117E5 second address: 68B117ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B117ED second address: 68B117FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007F69B15E520Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68ACB244 second address: 68ACB261 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push esi 0x00000007 pushad 0x00000008 jnl 00007F69B06D9AF6h 0x0000000e jmp 00007F69B06D9AFBh 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68ACAF50 second address: 68ACAF56 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68ACAF56 second address: 68ACAF5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68ACAF5E second address: 68ACAF62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68ACAF62 second address: 68ACAF66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B11A6A second address: 68B11A70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B11A70 second address: 68B11A82 instructions: 0x00000000 rdtsc 0x00000002 js 00007F69B06D9AF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B11BDA second address: 68B11BDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68B11BDF second address: 68B11BEE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F69B06D9AF8h 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C08B30 second address: 68C08B42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F69B15E5206h 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C08B42 second address: 68C08B46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C08B46 second address: 68C08B4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C08B4A second address: 68C08B66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F69B06D9B02h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C08B66 second address: 68C08B7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F69B15E5211h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C08B7D second address: 68C08B82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C08B82 second address: 68C08BAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69B15E520Bh 0x00000009 jmp 00007F69B15E520Ch 0x0000000e popad 0x0000000f jbe 00007F69B15E5212h 0x00000015 jg 00007F69B15E5206h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C08F7E second address: 68C08F82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C08F82 second address: 68C08F88 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C08F88 second address: 68C08FC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F69B06D9B05h 0x0000000b jmp 00007F69B06D9B05h 0x00000010 pushad 0x00000011 jnp 00007F69B06D9AF6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C0636D second address: 68C063A5 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F69B15E5206h 0x00000008 jl 00007F69B15E5206h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 ja 00007F69B15E5212h 0x00000016 popad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F69B15E5210h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C063A5 second address: 68C063A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C06560 second address: 68C06566 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C06807 second address: 68C0680B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68A7477E second address: 68A7479E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F69B15E5213h 0x00000008 jl 00007F69B15E5206h 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C092C4 second address: 68C092EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jl 00007F69B06D9AFAh 0x0000000e pushad 0x0000000f popad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 jmp 00007F69B06D9B04h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C1292F second address: 68C1295C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69B15E5219h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F69B15E5210h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C1295C second address: 68C12962 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C226AA second address: 68C22719 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F69B15E5212h 0x0000000b push edi 0x0000000c jmp 00007F69B15E520Ch 0x00000011 jmp 00007F69B15E5212h 0x00000016 pop edi 0x00000017 jmp 00007F69B15E520Ah 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jne 00007F69B15E520Eh 0x00000025 pushad 0x00000026 jp 00007F69B15E5206h 0x0000002c jmp 00007F69B15E5212h 0x00000031 push ecx 0x00000032 pop ecx 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68C2151C second address: 68C21520 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 68842C7A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 688406C6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 68A0EC50 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 68AE03EE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 68B02B0D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 68B02B6D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 68B02BC7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 68B02C12 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 68B02C6C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 68B02CEF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: 75D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: CD50000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: CDF0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: CE10000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: 12890000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: 128F0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: 12990000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: 12AD0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: 12B30000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_698f0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qtiff.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05820000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05850000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_6c460000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_00e30000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05480000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_041c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05cd0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_00400000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_045c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_04220000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05ca0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_06130000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_06240000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_056c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_6aec0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_6a7c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_053a0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_01190000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_65bc0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_040e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_62c80000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_66980000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_015a0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05f20000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05750000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_6a400000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05500000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_693a0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_6a810000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_65200000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_042d0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_040c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_04570000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_04770000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_04350000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_6b8d0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_044e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05910000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_00bc0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_00ff0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05700000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05f50000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05d40000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05b10000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qjpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_69120000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_6be00000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_06310000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_00db0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_04160000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05790000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_6aa50000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_01210000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05570000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_64000000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_6c8f0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_6a640000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_00650000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_00c30000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05640000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_062e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_6eb40000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05c50000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_00610000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05ec0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_6b100000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05c10000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qgif.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_055b0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_008f0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_06350000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\SlideshowMaker.exeJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_004e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_04520000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_050e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05ae0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_055f0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_050b0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_058f0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_054c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\platforms\qwindows.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_00780000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_013d0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_00b40000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_00710000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_01360000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_01150000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_6cde0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_64b40000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05fb0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_6d270000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_6bb50000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_01120000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_04280000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_63180000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05890000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_05670000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\7888_01730000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Jump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\Jump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: C:\Users\user\AppData\Local\Temp\SPOON\CACHE\Jump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: C:\Users\user\Desktop\Data\roaming\modified\@APPDATA@\Movavi Slideshow Maker 4\Jump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: C:\Users\user\AppData\Local\Temp\SPOON\Jump to behavior
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2511937457.0000000002C19000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2511937457.0000000002C19000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-0
Source: SlideshowMaker.exe, 00000009.00000003.1375989926.00000000047F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: xvmcidct
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2511937457.0000000002C19000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2511937457.0000000002C19000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9-%SystemRoot%\system32\wshbth.dllRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2511937457.0000000002C19000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2511937457.0000000002C19000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\HQV
Source: SlideshowMaker.exe, 00000009.00000003.1375989926.00000000047F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: byuyv422rgb24bgr24yuv422pyuv444pyuv410pyuv411pgraygray8,y8monowmonobpal8yuvj420pyuvj422pyuvj444pxvmcmcxvmcidctuyvy422uyyvyy411bgr8bgr4bgr4_bytergb8rgb4rgb4_bytenv12nv21argbabgrgray16bey16begray16ley16leyuv440pyuvj440pyuva420pvdpau_h264vdpau_mpeg1vdpau_mpeg2vdpau_wmv3vdpau_vc1rgb48bergb48lergb565bergb565lergb555bergb555lebgr565bebgr565lebgr555bebgr555levaapi_mocovaapi_idctvaapi_vldyuv420p16leyuv420p16beyuv422p16leyuv422p16beyuv444p16leyuv444p16bevdpau_mpeg4dxva2_vldrgb444lergb444bebgr444lebgr444beya8gray8abgr48bebgr48leyuv420p9beyuv420p9leyuv420p10beyuv420p10leyuv422p10beyuv422p10leyuv444p9beyuv444p9leyuv444p10beyuv444p10leyuv422p9beyuv422p9levda_vldgbrpgbrp9begbrp9legbrp10begbrp10legbrp16begbrp16leyuva422pyuva444pyuva420p9beyuva420p9leyuva422p9beyuva422p9leyuva444p9beyuva444p9leyuva420p10beyuva420p10leyuva422p10beyuva422p10leyuva444p10beyuva444p10leyuva420p16beyuva420p16leyuva422p16beyuva422p16leyuva444p16beyuva444p16levdpauxyz12lexyz12benv16nv20lenv20bergba64bergba64lebgra64bebgra64leyvyu422vdaya16beya16legbrapgbrap16begbrap16leqsvmmald3d11va_vldcuda0rgbrgb00bgrbgr0yuv420p12beyuv420p12leyuv420p14beyuv420p14leyuv422p12beyuv422p12leyuv422p14beyuv422p14leyuv444p12beyuv444p12leyuv444p14beyuv444p14legbrp12begbrp12legbrp14begbrp14leyuvj411pbayer_bggr8bayer_rggb8bayer_gbrg8bayer_grbg8bayer_bggr16lebayer_bggr16bebayer_rggb16lebayer_rggb16bebayer_gbrg16lebayer_gbrg16bebayer_grbg16lebayer_grbg16beyuv440p10leyuv440p10beyuv440p12leyuv440p12beayuv64leayuv64bevideotoolbox_vldp010lep010begbrap12begbrap12legbrap10begbrap10lemediacodecgray12bey12begray12ley12legray10bey10begray10ley10lep016lep016be3
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSystem information queried: ModuleInformation
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information queried: ProcessInformation

Anti Debugging

barindex
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSystem information queried: CodeIntegrityInformationJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSystem information queried: CodeIntegrityInformationJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSystem information queried: CodeIntegrityInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSystem information queried: CodeIntegrityInformation
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSystem information queried: CodeIntegrityInformation
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSystem information queried: CodeIntegrityInformation
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSystem information queried: CodeIntegrityInformation
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSystem information queried: CodeIntegrityInformation
Hides threads from debuggers
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeThread information set: HideFromDebuggerJump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: regmonclass
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: gbdyllo
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: ollydbg
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: filemonclass
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: NTICE
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: SICE
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: SIWVID
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSystem information queried: KernelDebuggerInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

barindex
Writes to foreign memory regions
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeMemory written: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe base: 2E6FE0Jump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeProcess created: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe "C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8 Jump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\ProgramData VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		111
Process Injection		1
Masquerading		OS Credential Dumping751
Security Software Discovery		Remote Services1
Archive Collected Data		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		36
Virtualization/Sandbox Evasion		LSASS Memory36
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media3
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Disable or Modify Tools		Security Account Manager1
Process Discovery		SMB/Windows Admin SharesData from Network Shared Drive4
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
Process Injection		NTDS2
File and Directory Discovery		Distributed Component Object ModelInput Capture15
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets223
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1541901 Sample: Movavi Slideshow Maker 4.exe Startdate: 25/10/2024 Architecture: WINDOWS Score: 72 30 start.turbo.net 2->30 32 mip2.movavi.com 2->32 34 4 other IPs or domains 2->34 6 Movavi Slideshow Maker 4.exe 1 493 2->6         started        process3 dnsIp4 36 start.turbo.net 104.26.14.179, 443, 49699 CLOUDFLARENETUS United States 6->36 16 C:\Users\user\Desktop\...\SlideshowMaker.exe, PE32 6->16 dropped 18 C:\Users\user\...\SlideshowMaker.exe.manifest, ASCII 6->18 dropped 20 C:\Users\user\Desktop\...\SlideshowMaker.exe, PE32 6->20 dropped 42 Writes to foreign memory regions 6->42 44 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 6->44 11 SlideshowMaker.exe 36 235 6->11         started        file5 signatures6 process7 dnsIp8 38 db4t5hkfesjuw.cloudfront.net 18.66.112.33, 49751, 49768, 80 MIT-GATEWAYSUS United States 11->38 40 lsw-03-balancer.movavi.com 84.16.252.107, 443, 49731, 49732 LEASEWEB-DE-FRA-10DE Germany 11->40 22 C:\Users\user\...\7888_6eb40000_tls.dll, PE32 11->22 dropped 24 C:\Users\user\...\7888_6d270000_tls.dll, PE32 11->24 dropped 26 C:\Users\user\...\7888_6cde0000_tls.dll, PE32 11->26 dropped 28 121 other files (none is malicious) 11->28 dropped 46 Tries to detect sandboxes and other dynamic analysis tools (window names) 11->46 48 Tries to evade debugger and weak emulator (self modifying code) 11->48 50 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 11->50 52 4 other signatures 11->52 file9 signatures10

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Application.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\ConfInt.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\CudaManager.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\DecoderRAW.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorLogic.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorModel.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorModule.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorUtil.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorView.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\ExivMetadata.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\FilmMaker.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Filters.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\GeneralPlugin.dll5%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Core.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Gui.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Qml.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Quick.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Widgets.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5XmlPatterns.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\SlideshowMaker.exe3%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\VideoAnalyzer.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avcodec.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avfilter.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avformat.dll5%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qgif.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qjpeg.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qtiff.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\libass.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\libeay32.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\platforms\qwindows.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe0%ReversingLabs
C:\Users\user\Desktop\Data\local\temp\7888_00e30000_tls.dll0%ReversingLabs
C:\Users\user\Desktop\Data\local\temp\7888_01210000_tls.dll5%ReversingLabs
C:\Users\user\Desktop\Data\local\temp\7888_05790000_tls.dll2%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://ampcid.google.com/v1/publisher:getClientId0%URL Reputationsafe
https://curl.haxx.se/docs/http-cookies.html0%URL Reputationsafe
https://tagassistant.google.com/0%URL Reputationsafe
http://www.winimage.com/zLibDll0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
start.turbo.net
104.26.14.179
truefalse
    		unknown
    lsw-03-balancer.movavi.com
    		84.16.252.107
    		truefalse
      		unknown
      db4t5hkfesjuw.cloudfront.net
      		18.66.112.33
      		truefalse
        		unknown
        mip2.movavi.com
        		unknown
        		unknownfalse
          		unknown
          img.movavi.com
          		unknown
          		unknownfalse
            		unknown
            codec-activate.movavi.com
            		unknown
            		unknownfalse
              		unknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              https://mip2.movavi.com/get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=major_update&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29792&os=win&act_key=false
                		unknown
                https://codec-activate.movavi.com/api/v1/codec/all/?akey=&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95false
                  		unknown
                  http://img.movavi.com/webnagscreens/crossale_suite/btn_close_it.pngfalse
                    		unknown
                    http://img.movavi.com/webnagscreens/crossale_suite/btn_buy_it.pngfalse
                      		unknown
                      https://mip2.movavi.com/get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_close&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29789&os=win&act_key=false
                        		unknown
                        https://start.turbo.net/services/1.0/activity/vm-18.4.1281.0/runfalse
                          		unknown
                          http://img.movavi.com/webnagscreens/crossale_suite/it.pngfalse
                            		unknown
                            https://mip2.movavi.com/get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=capture_screencast&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29792&os=win&act_key=false
                              		unknown
                              http://img.movavi.com/webnagscreens/crossale_suite/style.cssfalse
                                		unknown
                                https://mip2.movavi.com/get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_start&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29792&os=win&act_key=false
                                  		unknown

                                  URLs from Memory and Binaries

                                  NameSourceMaliciousAntivirus DetectionReputation
                                  https://api.vimeo.com/%1VimeoE:SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    http://qt-project.org/xml/features/report-whitespace-only-CharDataSlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://links.movavi.com/support/activation_online/?asrc=activationwizard&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        http://links.movavi.com/buy-suitefromslideshow/?asrc=crossnag_sc_vs&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://www.youtube.com/channel/%1SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            http://xml.org/sax/features/namespace-prefixesSlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://ampcid.google.com/v1/publisher:getClientIdSlideshowMaker.exe, 00000009.00000003.1457169383.000000000BD61000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://api.vimeo.com/oauth/authorizehttps://api.vimeo.com/oauth/access_tokenhttp://127.0.0.1:%1/appSlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                http://bugreports.qt.io/SlideshowMaker.exe, 00000009.00000003.1372843707.0000000000CC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://fontfabric.com/SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://start.turbo.net/services/1.0/activity/vm-18.4.1281.0/run$UuMovavi Slideshow Maker 4.exe, 00000000.00000002.2514077868.0000000003557000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1356807073.0000000003557000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      http://s.sSlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        http://files.movavi.com/dl/support/opengl32software.zipSlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2516496387.0000000000C5A000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373215076.00000000009D0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://i.vimeocdn.com/portrait/%1_300x300SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://curl.haxx.se/docs/copyright.htmlDSlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://start.turbo.net/Movavi Slideshow Maker 4.exe, 00000000.00000002.2511937457.0000000002C19000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://api.vimeo.com/oauth/access_tokenSlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  http://www.ascendercorp.com/typedesigners.htmlSlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://d.sySlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://movavi.com0/Movavi Slideshow Maker 4.exe, 00000000.00000002.2503329866.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373259320.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004B80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375748412.000000000474D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1396666711.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.0000000004A6E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393717459.0000000005AC0000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374821434.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391903450.000000000495D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375492747.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373157037.0000000000A8C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        http://bugreports.qt.io/finishedServerMicrosoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogicSlideshowMaker.exe, 00000009.00000003.1372843707.0000000000CC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          http://www.phreedom.org/md5)SlideshowMaker.exe, 00000009.00000003.1372843707.0000000000CC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            http://www.ascendercorp.com/SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              http://dharmatype.com)SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                http://www.winimage.com/zLibDll1.2.8SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521882853.00000000016BE000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  http://links.movavi.com/support/activation_online/?asrc=activationwizard&-TAIL_WITH_ARGS-ITH_ASlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    http://www.w3.orMovavi Slideshow Maker 4.exe, 00000000.00000003.1270576405.0000000002C3C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      http://codec-activate.movavi.com/api/v1/codec/activate/?akey=-LICENSE_KEY-&huid=-HASH_USER_ID-&codecSlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://api.vimeo.com/oauth/authorizeSlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://www.youtube.com/watch?v=%1HSlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sSlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://www.google.%/ads/ga-audiencesSlideshowMaker.exe, 00000009.00000003.1457169383.000000000BD61000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://drive.google.com/open?id=%1SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  http://www.fontfabric.comhttp://www.doublezerocreatives.comSlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    http://trolltech.com/xml/features/report-start-end-entitySlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      http://links.movavi.com/-TAIL_WITH_ARGS-f0SlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        http://www.fontfabric.comhttp://www.doublezerocreatives.comCopyrightSlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          http://www.apache.org/licenses/LICENSE-2.0http://www.apache.org/licenses/LICENSE-2.0OpenSlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            http://links.movavi.com/buy-suitefromslideshow/?asrc=crossnag_sc_vs&-TAIL_WITH_ARGS-YSlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              https://d.symSlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                http://%1/index.php?key=%2&version=%3&tracker=%4SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000500000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  http://www.phreedom.org/md5)08:27SlideshowMaker.exe, 00000009.00000003.1372843707.0000000000CC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    http://creativecommons.org/licenses/by-nd/4.0/BloggerSlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      http://links.movavi.com/thank_you_for_install/?app=-APP_NAME--AMP-module=-MODULE_NAME--AMP-version=-SlideshowMaker.exe, 00000009.00000003.1373077353.0000000000A24000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://drive.google.com/?authuser=%1SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          http://www.winimage.com/zLibDll-/qiodevice_seek_file_func()SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521882853.00000000016BE000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            http://xml.org/sax/features/namespaceshttp://xml.org/sax/features/namespace-prefixeshttp://trolltechSlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              http://mip2.movavi.com/get_nag.php?app=-APP_NAME-&module=-MODULE_NAME-&app_ver=-APP_VERSION-&partnerSlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                http://activate.movavi.com/activate3.php?pname=-APP_NAME-&hwid=-HARDWAREID-&akey=-APP_KEY-&version=-SlideshowMaker.exe, 00000009.00000002.2504217955.0000000000479000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  http://activate.movavi.com/activateapple.php?pname=-APP_NAME-&hwid=-HARDWAREID-&akey=-APP_KEY-&versiSlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    https://stats.g.doubleclick.net/j/collecta.USlideshowMaker.exe, 00000009.00000003.1457169383.000000000BD61000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      https://i2.wp.com/i.vimeocdn.com/portrait/defaults-green_300x300.png?ssl=1SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        https://curl.haxx.se/docs/http-cookies.htmlSlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        		unknown
                                                                                                                                        https://www.youtube.com/channel/%1pictureFailedSlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          http://files.movavi.com/dl/support/opengl32software.zipOpenglSwitcher.exedll.dllDownloadingSlideshowMaker.exe, 00000009.00000002.2516496387.0000000000C5A000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373215076.00000000009D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown
                                                                                                                                            http://fontfabric.com/CopyrightSlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		unknown
                                                                                                                                              http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensedSlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		unknown
                                                                                                                                                https://mip2.movavi.com/get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partnSlideshowMaker.exe, 00000009.00000003.1410670335.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2512997144.00000000009DD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		unknown
                                                                                                                                                  http://links.movavi.com/-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000009.00000003.1392867696.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1391365609.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1390323142.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397813930.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1410095421.000000000506D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		unknown
                                                                                                                                                    https://mip2.movavi.comSlideshowMaker.exe, 00000009.00000003.1398102368.0000000004984000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		unknown
                                                                                                                                                      http://links.movavi.com/support/activating_packages/?asrc=packageinstallationwizard&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000009.00000003.1375871241.0000000003F41000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		unknown
                                                                                                                                                        https://curl.haxx.se/VSlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		unknown
                                                                                                                                                          http://dharmatype.com_______________________________________________________________________________SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		unknown
                                                                                                                                                            http://www.ascendercorp.com/http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htSlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		unknown
                                                                                                                                                              http://www.apache.org/licenses/LICENSE-2.0SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		unknown
                                                                                                                                                                http://links.movavi.com/support/activation_offline/?asrc=activationwizard&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000009.00000002.2521155477.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		unknown
                                                                                                                                                                  https://www.youtube.com/watch?v=%1SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		unknown
                                                                                                                                                                    http://%1/get_settings.php?key=%2&version=%3&tracker=%4SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000500000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		unknown
                                                                                                                                                                      http://webvisor.comSlideshowMaker.exe, 00000009.00000002.2512997144.00000000009DD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		unknown
                                                                                                                                                                        http://xml.org/sax/features/namespacesSlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		unknown
                                                                                                                                                                          https://mip2.movavi.com/nagscreen/follow?cont_id=226&app=slideshowcreator&app_ver=4-1-0&lang=it&huidSlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		unknown
                                                                                                                                                                            http://files.movavi.com/dl/support/DevicesListSlideshowMaker.exe, 00000009.00000002.2516496387.0000000000C5A000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373215076.00000000009D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		unknown
                                                                                                                                                                              http://%1/index.php?key=%2&version=%3&tracker=%4http://%1/get_settings.php?key=%2&version=%3&trackerSlideshowMaker.exe, 00000009.00000002.2505976219.0000000000500000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		unknown
                                                                                                                                                                                https://tagassistant.google.com/SlideshowMaker.exe, 00000009.00000003.1457169383.000000000BD61000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                                		unknown
                                                                                                                                                                                https://api.vimeo.com/%1SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		unknown
                                                                                                                                                                                  http://www.FirstSiteGuide.comhttp://www.4thfebruary.com.uaCreativeSlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		unknown
                                                                                                                                                                                    https://i2.wp.com/i.vimeocdn.com/portrait/defaults-green_300x300.png?ssl=1urihttps://i.vimeocdn.com/SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		unknown
                                                                                                                                                                                      https://start.turbo.net/services/1.0/activity/vm-18.4.1281.0/runsvT#Movavi Slideshow Maker 4.exe, 00000000.00000002.2514077868.0000000003557000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1356807073.0000000003557000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		unknown
                                                                                                                                                                                        https://www.google.com/ads/ga-audiencesSlideshowMaker.exe, 00000009.00000003.1457169383.000000000BD61000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		unknown
                                                                                                                                                                                          http://turbo.net/studio.Movavi Slideshow Maker 4.exe, 00000000.00000002.2506359177.000000000076B000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2511470869.0000000001153000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		unknown
                                                                                                                                                                                            http://mingw-w64.sourceforge.net/XSlideshowMaker.exe, 00000009.00000003.1374251372.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003F41000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375871241.0000000003F41000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		unknown
                                                                                                                                                                                              https://start.turbo.net/services/1.0/activity/vm-18.4.1281.0/runFMovavi Slideshow Maker 4.exe, 00000000.00000002.2511937457.0000000002C19000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		unknown
                                                                                                                                                                                                http://www.apache.org/licenses/LICENSE-2.0DigitizedSlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A00000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2512997144.0000000000A83000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                  http://qt-project.org/xml/features/report-start-end-entitySlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                    https://portal1.comm100.io;SlideshowMaker.exe, 00000009.00000002.2512997144.00000000009DD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2521524914.0000000001526000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		unknown
                                                                                                                                                                                                      http://creativecommons.org/licenses/by-nd/4.0/SlideshowMaker.exe, 00000009.00000002.2505976219.0000000000589000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		unknown
                                                                                                                                                                                                        http://www.winimage.com/zLibDllSlideshowMaker.exe, 00000009.00000002.2521882853.00000000016BE000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                                                                        		unknown
                                                                                                                                                                                                        http://files.movavi.com/dl/support/DevicesListOglManager::GetOglVersion()SlideshowMaker.exe, 00000009.00000002.2516496387.0000000000C5A000.00000002.10000000.00040000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373215076.00000000009D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		unknown
                                                                                                                                                                                                          http://trolltech.com/xml/features/report-whitespace-only-CharDataSlideshowMaker.exe, 00000009.00000003.1374878662.0000000003D47000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375161890.0000000003D86000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1375620924.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374251372.0000000003C80000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1374563655.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1373423805.0000000003B81000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		unknown
                                                                                                                                                                                                            http://127.0.0.1:%1/SlideshowMaker.exe, 00000009.00000003.1390884817.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1392867696.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1398975329.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1395381060.0000000004CFE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1393289704.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1397208342.0000000004D85000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000009.00000003.1394983389.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		unknown

                                                                                                                                                                                                              World Map of Contacted IPs

                                                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                                                              • 75% < No. of IPs

                                                                                                                                                                                                              Public IPs

                                                                                                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                              84.16.252.107
                                                                                                                                                                                                              		lsw-03-balancer.movavi.comGermany
                                                                                                                                                                                                              		28753LEASEWEB-DE-FRA-10DEfalse
                                                                                                                                                                                                              104.26.14.179
                                                                                                                                                                                                              		start.turbo.netUnited States
                                                                                                                                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                              18.66.112.33
                                                                                                                                                                                                              		db4t5hkfesjuw.cloudfront.netUnited States
                                                                                                                                                                                                              		3MIT-GATEWAYSUSfalse

                                                                                                                                                                                                              General Information

                                                                                                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                              Analysis ID:1541901
                                                                                                                                                                                                              Start date and time:2024-10-25 09:48:48 +02:00
                                                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                                                              Overall analysis duration:0h 7m 49s
                                                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                                                              Report type:full
                                                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                              Number of analysed new started processes analysed:17
                                                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                                                              Technologies:
                                                                                                                                                                                                              • EGA enabled
                                                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                                              Sample name:Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                              Classification:mal72.evad.winEXE@3/485@4/3
                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                              • Found application associated with file extension: .exe

                                                                                                                                                                                                              Warnings

                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 142.250.181.238
                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com, www.google-analytics.com
                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                              • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                              • VT rate limit hit for: Movavi Slideshow Maker 4.exe

                                                                                                                                                                                                              Simulations

                                                                                                                                                                                                              Behavior and APIs

                                                                                                                                                                                                              TimeTypeDescription
                                                                                                                                                                                                              03:49:55API Interceptor3810x Sleep call for process: SlideshowMaker.exe modified

                                                                                                                                                                                                              Joe Sandbox View / Context

                                                                                                                                                                                                              IPs

                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              104.26.14.179Database4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                18.66.112.33https://mcprod.britwyn.co.nzGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  https://gb.trabajo.org/job-2895-139dda01f4a9a0ca5d08f2abad5cf8d6?utm_campaign=google_jobs_apply&utm_source=google_jobs_apply&utm_medium=organicGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                                    Domains

                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                    start.turbo.netDatabase4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.15.179
                                                                                                                                                                                                                    Database4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.14.179
                                                                                                                                                                                                                    Database4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.75.65
                                                                                                                                                                                                                    PingPlotter.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 64.38.175.53
                                                                                                                                                                                                                    3MTDIEabcoGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 64.38.175.53
                                                                                                                                                                                                                    AtlassianPrivateKeyegen.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 64.38.175.53
                                                                                                                                                                                                                    AtlassianPrivateKeyegen.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 64.38.175.53
                                                                                                                                                                                                                    AtlassianPrivateKeyegen.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 64.38.175.53
                                                                                                                                                                                                                    PmsDView.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 64.38.175.53
                                                                                                                                                                                                                    PmsDView.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 64.38.175.53

                                                                                                                                                                                                                    ASNs

                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                    CLOUDFLARENETUSNew_Order_568330_Material_Specifications.exeGet hashmaliciousAgentTesla, MassLogger RAT, Phoenix Stealer, RedLine, SugarDump, XWormBrowse
                                                                                                                                                                                                                    • 188.114.97.3
                                                                                                                                                                                                                    OREN Engine Stores Requisition 4th quarter OREN-ES-2024-010 & OREN-ES-2024-011.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                    • 172.67.177.220
                                                                                                                                                                                                                    Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                    • 188.114.97.3
                                                                                                                                                                                                                    Scan_Rev 20220731_PO&OC#88SU7782743882874_PDF.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                    • 188.114.97.3
                                                                                                                                                                                                                    https://t.ly/BavariaFilmGmbH2410Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                                                    Quote1.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                                                    runtime.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 162.159.138.232
                                                                                                                                                                                                                    runtime.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 162.159.128.233
                                                                                                                                                                                                                    lUAc7lqa56.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.0.5
                                                                                                                                                                                                                    https://temp.farenheit.net/XL1VkZE1FVGZjL0VwUUt5cWc4dkk1SWpqVFFTMUtQZ0krRFhobktOS05RSWpVMTZIYzk3b3hOUTBoZ2VYdnAzM21wZnYwMVBmdGN0MW12M09qVmMzbnNVeVpkeXBxeHVGd2V4eDRvVlZ5dERsakpjbGV3ZVZxRVhlZ0F6Q3hwQlptYUUyRFhHRzY3YkRXQ3hjWmhBZDBpMkNpakJDSnhzUG9xa2k2ZkdacVpDZVhFVFppeUJLcHJIaC0teVVJeERBTFd0K3k3b01rYS0tRk9zSWNIVEd0blVHZVlhTlFnVUxldz09?cid=2242420613Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.18.90.62
                                                                                                                                                                                                                    LEASEWEB-DE-FRA-10DEhttps://m-apkpure.playvoir.com/ru/maiorders-merchant/maiorders.merchantappGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 178.162.215.162
                                                                                                                                                                                                                    na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 84.16.239.119
                                                                                                                                                                                                                    transferencia.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 91.109.20.161
                                                                                                                                                                                                                    Justificante_01102024.vbsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                    • 91.109.20.161
                                                                                                                                                                                                                    http://steam.csworkshoparts.com/filedetails/sharedfile/ak47-DeadRose/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                    • 5.61.42.53
                                                                                                                                                                                                                    Https://25sep26ww.z13.web.core.windows.net/#Get hashmaliciousHTMLPhisher, TechSupportScamBrowse
                                                                                                                                                                                                                    • 217.20.112.104
                                                                                                                                                                                                                    https://telegram-message-8n5.pages.dev/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 217.20.112.104
                                                                                                                                                                                                                    http://two.eagermint.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 217.20.112.104
                                                                                                                                                                                                                    SecuriteInfo.com.Trojan.Inject5.8445.10776.26852.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 37.1.196.35
                                                                                                                                                                                                                    http://umjkitjtsk.top/crp/325gewfkj345Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 84.16.251.24
                                                                                                                                                                                                                    MIT-GATEWAYSUSHUyUkUjJ4y.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 19.174.89.180
                                                                                                                                                                                                                    GSVzm51Pg5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 18.57.8.69
                                                                                                                                                                                                                    3HOhJoCrj5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 18.30.220.195
                                                                                                                                                                                                                    8DKuAcmAMT.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 19.110.56.154
                                                                                                                                                                                                                    la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 19.115.34.254
                                                                                                                                                                                                                    la.bot.powerpc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 19.92.230.95
                                                                                                                                                                                                                    la.bot.sparc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 19.113.52.55
                                                                                                                                                                                                                    la.bot.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 19.196.187.128
                                                                                                                                                                                                                    la.bot.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 19.227.203.142
                                                                                                                                                                                                                    la.bot.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 19.169.98.210

                                                                                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                    a795593605a13211941d44505b4d1e39Dlabel_PC.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 84.16.252.107
                                                                                                                                                                                                                    T1SN5sRQjf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 84.16.252.107
                                                                                                                                                                                                                    Stremio+4.4.120.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 84.16.252.107
                                                                                                                                                                                                                    37f463bf4616ecd445d4a1937da06e19#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                    • 104.26.14.179
                                                                                                                                                                                                                    • 84.16.252.107
                                                                                                                                                                                                                    EXSP 5634 HISP9005 ST MSDS DOKUME74247liniereletOpsistype.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                                    • 104.26.14.179
                                                                                                                                                                                                                    • 84.16.252.107
                                                                                                                                                                                                                    SecuriteInfo.com.Adware.Downware.19992.19939.5790.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.14.179
                                                                                                                                                                                                                    • 84.16.252.107
                                                                                                                                                                                                                    EBalcao_ysx.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.14.179
                                                                                                                                                                                                                    • 84.16.252.107
                                                                                                                                                                                                                    T220UXIoKO.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                    • 104.26.14.179
                                                                                                                                                                                                                    • 84.16.252.107
                                                                                                                                                                                                                    PO%20K22012FA[1].docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.14.179
                                                                                                                                                                                                                    • 84.16.252.107
                                                                                                                                                                                                                    Renommxterne.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                    • 104.26.14.179
                                                                                                                                                                                                                    • 84.16.252.107
                                                                                                                                                                                                                    Produccion.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                    • 104.26.14.179
                                                                                                                                                                                                                    • 84.16.252.107
                                                                                                                                                                                                                    226999705-124613-sanlccjavap0004-67.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                    • 104.26.14.179
                                                                                                                                                                                                                    • 84.16.252.107
                                                                                                                                                                                                                    EL-25-536_40005512_Le Cuivre_23102024.vbeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                    • 104.26.14.179
                                                                                                                                                                                                                    • 84.16.252.107

                                                                                                                                                                                                                    Dropped Files

                                                                                                                                                                                                                    No context

                                                                                                                                                                                                                    Created / dropped Files

                                                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\Caches\{29E56104-0FF4-4610-AFFF-60C8A9578E5E}.2.ver0x0000000000000004.db

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1240
                                                                                                                                                                                                                    Entropy (8bit):3.2437743631987996
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:KYnJYeO2tuj3bYJtCCqqC2hdnCCCqHqql:KgBCYulWCS
                                                                                                                                                                                                                    MD5:A62FBF8AEAC57731FDFA49A91612240D
                                                                                                                                                                                                                    SHA1:A57FF1BB1E05B479D8A72DC97DEF6C13CA076C37
                                                                                                                                                                                                                    SHA-256:BAC16905DBE2C9EED3984C08C432839C7171EAFA368A23872CA09AE80E3D2E46
                                                                                                                                                                                                                    SHA-512:87EC0E85B182EF53D9FBD82803C7FC80B18CBEEBA5C4ABC4D6C12B6D52813AFD62876998B130A9AF9AC98A22F9CCF783570DEE51F871C79B9397D68374291160
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Preview:.....d./....d./....a.)...F..`.W.^....2.e.3.b.e.5.8.e.5.c.b.b.c.0.d.a.0.9.3.9.5.6.b.4.6.a.3.9.0.5.f.1.1.c.f.0.f.5.b.b.f.1.1.9.8.7.a.8.6.1.9.e.2.5.f.7.2.6.1.e.e.8.b.e..... ...8...............................................................................c.u.s.t.o.m...p.r.o.p.d.e.s.c...M.i.c.r.o.s.o.f.t.......O.n.e.N.o.t.e...M.i.c.r.o.s.o.f.t...O.n.e.N.o.t.e...P.a.g.e.E.d.i.t.H.i.s.t.o.r.y.......M.i.c.r.o.s.o.f.t...O.n.e.N.o.t.e...T.a.g.g.e.d.N.o.t.e.s.......M.i.c.r.o.s.o.f.t...O.n.e.N.o.t.e...L.i.n.k.e.d.N.o.t.e.U.r.i...H....................................d.d)..G.6_...a.........Z...................................................................................................................................p.r.o.p.:............................................d.d)..G.6_...a.............................................................................................................................................p.r.o.p.:...............................p...h........d.d)..G.6_...a.....

                                                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\Caches\{46350403-22B3-49CD-8D95-DF6B4AB3D858}.2.ver0x0000000000000004.db

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1064
                                                                                                                                                                                                                    Entropy (8bit):3.379188988467815
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:185VQkZjnGpXZpO9fOonaMC4fs9posWKC4fsW:1KVQWrGpXZpEfad7cJ7W
                                                                                                                                                                                                                    MD5:35A0FD4ED2D47E865D6BBC8690ED5E30
                                                                                                                                                                                                                    SHA1:480A6A966017E996D18EFF9CC99F77661DAA919D
                                                                                                                                                                                                                    SHA-256:F3277334FCB03497672815B3D577A3B29CC81EBB4A92FC185B7561545ADC9C7D
                                                                                                                                                                                                                    SHA-512:6B38014E84C9B3BE2CCA2DA1C8E0EC837E84BCEB56C3B52BD88DE8B3F742BD30098E47B94B60A915C76F3717BFDE23531F79F9396B461F0570CBF8AE6C28F6BD
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Preview:.....d./....d./.....5F.".I...kJ..X....8.e.2.b.3.7.6.8.6.c.d.d.b.e.e.6.f.7.0.8.e.8.8.9.8.0.1.9.8.5.a.c.1.9.3.a.3.d.6.9.8.c.a.4.6.3.5.3.4.d.9.f.3.c.0.1.7.8.4.0.6.1.f.b.....0...H............................................................... .......(.......v.i.s.i.o.c.u.s.t.o.m...p.r.o.p.d.e.s.c.........M.i.c.r.o.s.o.f.t.......V.i.s.i.o.......M.i.c.r.o.s.o.f.t...V.i.s.i.o...M.a.s.t.e.r.s.K.e.y.w.o.r.d.s...M.i.c.r.o.s.o.f.t...V.i.s.i.o...M.a.s.t.e.r.s.D.e.t.a.i.l.s.....X...................................r.y..qHC..)+..gp....................................................................................................................................M.a.s.t.e.r.s. .K.e.y.w.o.r.d.s. .(.d.e.b.u.g.).................p.r.o.p.:...........................................r.y..qHC..)+..gp....................................................................................................................................M.a.s.t.e.r.s. .K.e.y.w.o.r.d.s. .(.d.e.b.u.g.).................p.r.o.p.:.......

                                                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):296856
                                                                                                                                                                                                                    Entropy (8bit):3.7215284959730375
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3072:gx8K0D3uhiu6w2PKMF1T7TR42JwtmS9Skm:FTR42Jzk
                                                                                                                                                                                                                    MD5:AB9029762156C755D74F07B08A3F96D7
                                                                                                                                                                                                                    SHA1:7EF7810BD556AC6088EDC61176D30F3232192B15
                                                                                                                                                                                                                    SHA-256:5155E80D77F479AF9577CA6BCA365052BABF78FD7BD45AFE4A2D8CE867F80A21
                                                                                                                                                                                                                    SHA-512:3A059CB5AFA4AC12B2FBB6B9D69093830AAD9D47AF1D6FE9037BFA3C3D1280785BEF396903C07BF7F02F571DBCD3A61F158F83C46ACE00D00CAD519BB3D590E6
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Preview:.....d./....d./...............Z.......Z...X|..........w.i.n.d.o.w.s.p.r.o.p.e.r.t.y.d.e.s.c.r.i.p.t.i.o.n.s...M.i.c.r.o.s.o.f.t.......W.i.n.d.o.w.s...c.u.s.t.o.m...p.r.o.p.d.e.s.c...M.i.c.r.o.s.o.f.t.......O.n.e.N.o.t.e...c.u.s.t.o.m...p.r.o.p.d.e.s.c...M.i.c.r.o.s.o.f.t.......O.n.e.N.o.t.e...v.i.s.i.o.c.u.s.t.o.m...p.r.o.p.d.e.s.c.........M.i.c.r.o.s.o.f.t.......V.i.s.i.o.......v.i.s.i.o.c.u.s.t.o.m...p.r.o.p.d.e.s.c.........M.i.c.r.o.s.o.f.t.......V.i.s.i.o........q...mB....9...8...b.b.6.e.a.9.8.3.f.c.5.8.3.c.3.d.9.d.7.1.2.8.0.b.6.9.d.6.0.3.6.4.0.f.2.c.a.6.c.4.2.b.8.8.8.e.8.9.4.e.f.5.6.3.6.2.9.2.e.c.a.2.7.e....up............a.)...F..`.W.^....2.e.3.b.e.5.8.e.5.c.b.b.c.0.d.a.0.9.3.9.5.6.b.4.6.a.3.9.0.5.f.1.1.c.f.0.f.5.b.b.f.1.1.9.8.7.a.8.6.1.9.e.2.5.f.7.2.6.1.e.e.8.b.e.......................A.o..8.n.....2.e.3.b.e.5.8.e.5.c.b.b.c.0.d.a.0.9.3.9.5.6.b.4.6.a.3.9.0.5.f.1.1.c.f.0.f.5.b.b.f.1.1.9.8.7.a.8.6.1.9.e.2.5.f.7.2.6.1.e.e.8.b.e...................5F.".I...kJ..X(...8.e.2.b.3.7.6.8.

                                                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\Caches\{D0A4FF55-37CF-46CD-9E40-1A82D5EEBDF6}.2.ver0x0000000000000004.db

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1064
                                                                                                                                                                                                                    Entropy (8bit):3.3836015916085955
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:W4z5VQkZjnGpXZpO9fOonaMC4fs9posWKC4fsW:fVQWrGpXZpEfad7cJ7W
                                                                                                                                                                                                                    MD5:CE52F4B0411CFEF4B287F85937661A4C
                                                                                                                                                                                                                    SHA1:D99AE7CA016806BEC309B2D3F1FB9D483D2E6E56
                                                                                                                                                                                                                    SHA-256:C8BF801B27DF246222B76B69BA164BD007C3671B9144ADCE7AD81CCD6E46E569
                                                                                                                                                                                                                    SHA-512:31A423DC1EBA5D1302CB679C00669D21D67D302C43949AF408AE37B82BF6C29821ACD47ED29DB27E0D143A71736D429310E704F9E81EF1EB15216097FF82EBAF
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Preview:.....d./....d./...U....7.F.@.........8.e.2.b.3.7.6.8.6.c.d.d.b.e.e.6.f.7.0.8.e.8.8.9.8.0.1.9.8.5.a.c.1.9.3.a.3.d.6.9.8.c.a.4.6.3.5.3.4.d.9.f.3.c.0.1.7.8.4.0.6.1.f.b.....0...H............................................................... .......(.......v.i.s.i.o.c.u.s.t.o.m...p.r.o.p.d.e.s.c.........M.i.c.r.o.s.o.f.t.......V.i.s.i.o.......M.i.c.r.o.s.o.f.t...V.i.s.i.o...M.a.s.t.e.r.s.K.e.y.w.o.r.d.s...M.i.c.r.o.s.o.f.t...V.i.s.i.o...M.a.s.t.e.r.s.D.e.t.a.i.l.s.....X...................................r.y..qHC..)+..gp....................................................................................................................................M.a.s.t.e.r.s. .K.e.y.w.o.r.d.s. .(.d.e.b.u.g.).................p.r.o.p.:...........................................r.y..qHC..)+..gp....................................................................................................................................M.a.s.t.e.r.s. .K.e.y.w.o.r.d.s. .(.d.e.b.u.g.).................p.r.o.p.:.......

                                                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\Caches\{D80AA597-BE91-4112-BB6F-159038E46ED1}.2.ver0x0000000000000004.db

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1240
                                                                                                                                                                                                                    Entropy (8bit):3.2507121604627143
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:VKYnJYeO2tuj3bYJtCCqqC2hdnCCCqHqql:sgBCYulWCS
                                                                                                                                                                                                                    MD5:0EA13495930D635C62541A3A1E7F6763
                                                                                                                                                                                                                    SHA1:45791527B151A1D3E76E6884CA5AC7CBBC38034F
                                                                                                                                                                                                                    SHA-256:405713008B0EF26B93BDD84B8799AE3C36CA4FCE6511ACD647B6869074D6448E
                                                                                                                                                                                                                    SHA-512:E0ED04B7035F8871BD1218283AFF3C0BEC9947F45865C606A7F3EBEDB13F9171D267C547290C47D0C670549EBE1B5471FDAF9910C5D0895DE114572846321EB2
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Preview:.....d./....d./.........A.o..8.n.....2.e.3.b.e.5.8.e.5.c.b.b.c.0.d.a.0.9.3.9.5.6.b.4.6.a.3.9.0.5.f.1.1.c.f.0.f.5.b.b.f.1.1.9.8.7.a.8.6.1.9.e.2.5.f.7.2.6.1.e.e.8.b.e..... ...8...............................................................................c.u.s.t.o.m...p.r.o.p.d.e.s.c...M.i.c.r.o.s.o.f.t.......O.n.e.N.o.t.e...M.i.c.r.o.s.o.f.t...O.n.e.N.o.t.e...P.a.g.e.E.d.i.t.H.i.s.t.o.r.y.......M.i.c.r.o.s.o.f.t...O.n.e.N.o.t.e...T.a.g.g.e.d.N.o.t.e.s.......M.i.c.r.o.s.o.f.t...O.n.e.N.o.t.e...L.i.n.k.e.d.N.o.t.e.U.r.i...H....................................d.d)..G.6_...a.........Z...................................................................................................................................p.r.o.p.:............................................d.d)..G.6_...a.............................................................................................................................................p.r.o.p.:...............................p...h........d.d)..G.6_...a.....

                                                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):637856
                                                                                                                                                                                                                    Entropy (8bit):3.5915833029306348
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3072:CiccV79+qXMDXLxvSwDzaTDCJs/ReehN6XcIiycb78x/u6PJoyBHH7Z7Rz97Tx:CaTDCJeSP/u6PBzr
                                                                                                                                                                                                                    MD5:1A22277938B46E8F70B93AC2D8DC5A4A
                                                                                                                                                                                                                    SHA1:E0C2DE41994BBA33C70625B7A395C3B057E402B7
                                                                                                                                                                                                                    SHA-256:2FDB8AD6E9CEFF5BBBD28464D3B32B5D10ADD6C26AE89D5514E0D80DCDD8875F
                                                                                                                                                                                                                    SHA-512:82FE21D6E946C24449F3E20E6455441E2D2FBA1E9DA9D9FDCF0C25542547B5DDE40C1296EF41FE33B65A5D80DB2F49E2DA4295F7DF1CA002ACA039BA62C0606B
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Preview:.....d./....d./....q...mB....9.......b.b.6.e.a.9.8.3.f.c.5.8.3.c.3.d.9.d.7.1.2.8.0.b.6.9.d.6.0.3.6.4.0.f.2.c.a.6.c.4.2.b.8.8.8.e.8.9.4.e.f.5.6.3.6.2.9.2.e.c.a.2.7.e.....8...P........`..Z....z..Z...p...Z.............A.............U...@.......P.......w.i.n.d.o.w.s.p.r.o.p.e.r.t.y.d.e.s.c.r.i.p.t.i.o.n.s...M.i.c.r.o.s.o.f.t.......W.i.n.d.o.w.s...S.y.s.t.e.m...A.c.t.i.v.i.t.y...A.c.c.o.u.n.t.I.d.......S.y.s.t.e.m...A.c.t.i.v.i.t.y...A.c.t.i.v.i.t.y.I.d.....S.y.s.t.e.m...A.c.t.i.v.i.t.y...A.p.p.D.i.s.p.l.a.y.N.a.m.e.....S.y.s.t.e.m...A.c.t.i.v.i.t.y...A.p.p.I.m.a.g.e.U.r.i...S.y.s.t.e.m...A.c.t.i.v.i.t.y...A.t.t.r.i.b.u.t.i.o.n.N.a.m.e...S.y.s.t.e.m...A.c.t.i.v.i.t.y...B.a.c.k.g.r.o.u.n.d.C.o.l.o.r...S.y.s.t.e.m...A.c.t.i.v.i.t.y...C.o.n.t.e.n.t.I.m.a.g.e.U.r.i...S.y.s.t.e.m...A.c.t.i.v.i.t.y...C.o.n.t.e.n.t.U.r.i.....S.y.s.t.e.m...A.c.t.i.v.i.t.y...C.o.n.t.e.n.t.V.i.s.u.a.l.P.r.o.p.e.r.t.i.e.s.H.a.s.h...S.y.s.t.e.m...A.c.t.i.v.i.t.y...D.e.s.c.r.i.p.t.i.o.n...S.y.s.t.e.m...A.c.t.i.v.

                                                                                                                                                                                                                    C:\ProgramData\mntemp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:Non-ISO extended-ASCII text, with escape sequences
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                    Entropy (8bit):3.875
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:9RjCTj:ja
                                                                                                                                                                                                                    MD5:9C5B4F3A81047876884743A1B45C1937
                                                                                                                                                                                                                    SHA1:F9AFCDA726359B55942B58B5EAEF124A7B45C357
                                                                                                                                                                                                                    SHA-256:32002A758B0F930C2C4062196BFB97AC145B056EAAD5E2EA8ED7AF0BE9DF4D26
                                                                                                                                                                                                                    SHA-512:1F886BF15A8F5C205F39D5B6693B8D093C6EF5E74F894B3CC1A6EBD3B1DE83111E2FA33FC8D90B8977B16EB7F9574B524834B93A4D1C87DB44090A5017E1F463
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:....1.M.'.n'.W.

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):49120
                                                                                                                                                                                                                    Entropy (8bit):0.0017331682157558962
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:Ztt:T
                                                                                                                                                                                                                    MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                                                                    SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                                                                    SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                                                                    SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\btn_close_it[1].png

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PNG image data, 292 x 39, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):10564
                                                                                                                                                                                                                    Entropy (8bit):7.960249674925786
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:najTRbB+D3ClKj9+AX0n0aJVvF9BQwvkbtngorJLryzY13SMo:naNB8bE0aJ1FIwvk2sOYxSJ
                                                                                                                                                                                                                    MD5:A486B43DD1E8543CF1EDBCF5111A8969
                                                                                                                                                                                                                    SHA1:DB1E5DA939653D5CDE8600D43BE4EFE9911CB364
                                                                                                                                                                                                                    SHA-256:EEB3783329F1D0CF7B26453791CF25601648F8650B8914121F2CA64998BF8460
                                                                                                                                                                                                                    SHA-512:984599910391573F043D955D350E32C10C3CDA7D3C135363F424FC47DBA9986E2425EB3E108ED59086D7B2B454FF0185C090D4AD4F0F0F1909C0001E73DB64DE
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:.PNG........IHDR...$...'.....)x......sRGB.........gAMA......a.....pHYs...........~.....tEXtSoftware.Paint.NET v3.5.100.r...(.IDATx^..{[7...'.s..$N...e.FuQ,j....D..^\.dK6.%.|.8/.3G.#jK...L.9.......%S..{//s............./......in.,.}..<Km.R.v...s.3.gu.........s.e.p..(.7|.Y..!......Y....8.yZ.0.}.d.d..{_H0..}../.n..<..W.._.......B~..N.n>7.m_d...2..|..S........".{Q.yU.{m........d...k|T?..7.F:.'.Mz.4..m..M..g.N.....>ez.8.rT........UZ.e.;..H.2.n[)]z....Z........S../.......3..S..d..../(..6...L.#.6N.5<U....{...V...G..S.,n..n..l.LoT.D.........Mm.f&5I...iv._=./.'*.#...'s...B....3J4..U.H.-=.[M]......n..v.,....k..r]...8..{..."V~.|.I...9 ....YG.()D.)...._oy.".s^.}I...+r.;.L._...+....../.!V~....O.rt...,.F..c.....lN.N../KO^..|G......N.U..9.$.O.+...,.K......<...gvfR[..&.0.......*.y}.5...]...f.Hn...M.Tzk:....L'+s..Hq/V~._z.....w./....]9.f}...=s...Z;K...$0y.R......s.s.pv}&.:..}.7....lrc>..+=..Y....OR..5s..n.f6O(.;/.....S...;...E..+'&..."..Hnd"...}....g....?..

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\btn_buy_it[1].png

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PNG image data, 292 x 39, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                    Size (bytes):18237
                                                                                                                                                                                                                    Entropy (8bit):7.983032160936168
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:384:XEG5BfrEAfId0741uLJfaKYUw+yyB3ZbhKarcFERhW9:Nb4Ddvu0U9/3ZsdN
                                                                                                                                                                                                                    MD5:FC2597C59C8C818796B58A044BA05BE1
                                                                                                                                                                                                                    SHA1:876E95B8AE4DDCF8422905495E02E7FBD2662503
                                                                                                                                                                                                                    SHA-256:AAC17A193A4E8D0E16200E9A510077B5DB14D76317815A8CAEE41F1064C708D5
                                                                                                                                                                                                                    SHA-512:8FC093D566C7B6A4C5D4E6D7F4E3E7070A426816EA599AFC1356EB866A76D5CB8EF3D34A060B7E3645D9CE930065E664F1835E6C5E0FA13564F592FE9F173F29
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:.PNG........IHDR...$...'.....)x......sRGB.........gAMA......a.....pHYs...........~.....tEXtSoftware.Paint.NET v3.5.100.r...F.IDATx^.w../...{..$....").)..3@...H..T..(Jr..k..k........V^K".. .af.19.NU]].g..[.KA.d..s....wpzznwUW.......vw.}.........X.'.....$..'.zB..+...nw.[......p.+.1>.0\].....G..6W.......zc .....'.p.:....0..g...`.} ......m..6w..`..p..B.7...i.;.C.#1h...c| &..u...Otz.o........A..6w.......l.m0...^....-.....5..p%...G/....J..Mt....|..0.].I.. .....u..#.=.s...o....pk_............`....z......P..}..<Pz .5...4..../.'.....s.B..{..})X......{...9O...(...u......$xH..v.F..F`../.v5..o..[...]8...9s'.R@......~.yW.<.......w.......c.....L...t...=..Ca`.[.y.....YW...B..b......e;!....'.f....P...X}n.8...J../x....e..[.c...w.v..u0.Y..5...pgo..h.$:{a..0w\.o.....stK..._t..o]n_.P..7.2...o.Az.k..@>.-]t....y..1n...tko..'...{(..........\_./.....Nw..7.54q:>.]....Lp.+.s..W.s=q...........A.tE..[.p.........[.1^...o...3.Ia.u ..N.z2..v......F"|.o..[...7..u.'!

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\get_nag[1].htm

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (486), with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):3822
                                                                                                                                                                                                                    Entropy (8bit):5.153678609969055
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:jmMq1kpdJ+7iJwcjL1l9udL3xpmtI+9e04BC/S0OGauVPGXUe1vLWuNwjX5:3ILXMLuLhp/+9erg/S0OBXxKp
                                                                                                                                                                                                                    MD5:A5D3B6FCA013874A4920EE934CA550B4
                                                                                                                                                                                                                    SHA1:3079D5F0E2F76D6341EE0033CC1EA1D01BBAD17E
                                                                                                                                                                                                                    SHA-256:CE41A8C3D25F0418D08D75D9D3F20862F453D8783D68DEDBDC847243EF1AB9D3
                                                                                                                                                                                                                    SHA-512:6C22B6026ECD0D12B77952A09DAEA430CB91A98052564AB4A668529477ACD7EAECBFD4D3CEBB5132B8CC679EDFD3EA8C81F2CDE3BBF2E071A9BE931487E2F82A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN".."http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.. <title>Do more with your video!</title>.... <link rel="stylesheet" type="text/css" href="http://img.movavi.com/webnagscreens/crossale_suite/style.css" />.... <script type="text/javascript">.. window.external.OnSetSize(800,450);.. </script>..<script>(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create', 'UA-92617-2', 'auto');ga('require', 'displayfeatures');</script></head>....<body scroll="no">.. <div id="nag_container" class="container it">.. <div id="nag_top" cl

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\analytics[1].js

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (2343)
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):52916
                                                                                                                                                                                                                    Entropy (8bit):5.51283890397623
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:oHzaMKHBCwsZtisP5XqYofL+qviHOlTjdNoVJDe6VyKaqgYUD0ZTTE8yVfZsk:caMKH125hYiM8O9dNoVJ3N48yVL
                                                                                                                                                                                                                    MD5:575B5480531DA4D14E7453E2016FE0BC
                                                                                                                                                                                                                    SHA1:E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
                                                                                                                                                                                                                    SHA-256:DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
                                                                                                                                                                                                                    SHA-512:174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n=this||self,p=function(a,b){a=a.split(".");var c=n;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r||u();v=v||q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING||[];w.TAGGING[a]=!0};var ba=Array.isArray,c

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\it[1].png

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PNG image data, 800 x 450, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):38149
                                                                                                                                                                                                                    Entropy (8bit):7.963301442077117
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:bsauU9Aeejv7dq6bMtjjN1/6xZGK7pHb+grKS:b8U9aZDSjjTCxZXpHb+g7
                                                                                                                                                                                                                    MD5:697D3B9663340D6E6B986B6554860060
                                                                                                                                                                                                                    SHA1:359C6E76D8B8114D34ED92066176AA55E696A41D
                                                                                                                                                                                                                    SHA-256:7F996D93C412A60C4DF547EB3AACDD3BF4C750661571BF6AADDD9197DBAA397A
                                                                                                                                                                                                                    SHA-512:7AB839DA3CDCA95CF5AA3D04BC13E30CCB84F5AD271E56B9E7FD474FD6BC5AA680E3B6F1CB2ED349C39EC9CD4426E97C2F99352461C53886CBD4F8C485A0F694
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:.PNG........IHDR... ......... .].....PLTE^y.......To.^y.`x....|..Yt.^y.Qn....c~.......x..n..f..[w.q..k.....u..Vr.`x.............`z....Wr.t..a|._z.i.._{.............r..z..]x.................Tk.......C_.]y..............dz......... !..._y....)++.......%((...Nj.......-//...689!$%...w..ACD...045...`y.Ie.;>?...KOP......DIJSn.&#$PSTZj.Kh.Vl...............lln.........]^`{.....dde...YXY...............m.......LJK...........530...s|....ttv.........|{}.2.......bgn....,.iq{A<9......Oo........y..8............UROKFA.<....Ol.J.......\.}............0=.?T."*.l..B..[....hT@P[a{hT.|i..~.(..8....;ct..u)..mPD..fw.V..b}..X2...m<+.........U......"..BH.....u.....o.n(h..`Xx7o....u...n(....r.........A.o..vk.<W(.P..q.}I...x.............fm.BY..H...r..(....8.........Z...[......{..S. H....N[......}<....IDATx.....@..`!w..a.1iU..Bj.H.:.....$.R..+oa..U ..Vy.<..W.Gp......[......3..xc.2?GGY...m..~...\..?.......C.d<.........t......uT@6.z....Lt8...d..d.e..T@|.......,....6 >.%...7.l.~..

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\style[1].css

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):5877
                                                                                                                                                                                                                    Entropy (8bit):5.1096170404760715
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:ntAFRUfWuB9D92vHzOK5AJMwxKJTpKiAopiCVfTx3GZl8NQVSG:ntAFRUfWuB9D92vTOKePKvU
                                                                                                                                                                                                                    MD5:F1759A3A2E4A1322EDFAD7386BEB3A9E
                                                                                                                                                                                                                    SHA1:D7CAB8B1471DAA04B67F4021ECE1BD39A882907A
                                                                                                                                                                                                                    SHA-256:CEE6DF3B8FAB1DB37A06F37244546981F7F75415B8612415198B6FEA2C26F80E
                                                                                                                                                                                                                    SHA-512:1F281CE601998F8BF0886A18AC6D22E44E2A003E24B8A15C73492FF57C8B8AA66E8FB8FCD8643AA6306C1F7CF98EEC34361A1FA87C63743D5095833D0306B23B
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:/*.That is a main css file for crossale suite */..* {..margin: 0px;..padding: 0px;.}.:focus {.outline: none;.}..body {..overflow: hidden;..font-family: Arial, sans-serif;.}...container {..width: 800px;..height: 450px;..background: #b9cbe1 url('en.png') no-repeat;.}..container.de {..background: #b9cbe1 url('de.png') no-repeat;.}..container.ru{..background: #b9cbe1 url('ru.png') no-repeat;.}..container.es{..background: #b9cbe1 url('es.png') no-repeat;.}..container.fr {..background: #b9cbe1 url('fr.png') no-repeat;.}..container.it {..background: #b9cbe1 url('it.png') no-repeat;.}..container.jp {..background: #b9cbe1 url('jp.png') no-repeat;.}..container.nl{..background: #b9cbe1 url('nl.png') no-repeat;.}..container.pl {..background: #b9cbe1 url('pl.png') no-repeat;.}..container.pt {..background: #b9cbe1 url('pt.png') no-repeat;.}..container.tr {..background: #b9cbe1 url('tr.png') no-repeat;.}..container.cn {..background: #b9cbe1 url('ch.png') no-repeat;.}..container.kr {..background: #b9c

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Movavi\Logs\SlideshowCreator4\SlideshowMaker.user.ERROR.20241025-034959.7888

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):307
                                                                                                                                                                                                                    Entropy (8bit):5.117229666053661
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:k2k+5UdeRckC+E1f1JHIWCj8FsoSczKCqVtpEznDt5UYDDzfnO:fk+5ZRnevIWdFsoSJEl5J3fO
                                                                                                                                                                                                                    MD5:D7614043351520CD6EE9A44987D1ADA2
                                                                                                                                                                                                                    SHA1:4072A13D913081B43A35EDA212DAD8FA08F5CD16
                                                                                                                                                                                                                    SHA-256:32000F02DC94EAE00D72A4F821D5CA232AC4A8530FA030AF4051C2DD4701610B
                                                                                                                                                                                                                    SHA-512:769AA90DCE1B374448A5B0E01AED89E25FC15B558AD22FD94958BF3DF12AB43208D97801E959DED74EE937F4CB63BDD05B02260AB52366C5A7D1E41326DC566D
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:Log file created at: 2024/10/25 03:49:59..Running on machine: 745773..Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg..E1025 03:49:59.305197 7892 OpenglInitializer.cpp:331] Failed to initialize OpenGL. Reason='OglManager::GetOglVersion() returned unsupported version'. Failure count=0..

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Movavi\Logs\SlideshowCreator4\SlideshowMaker.user.INFO.20241025-034952.7888

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (357), with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):16729
                                                                                                                                                                                                                    Entropy (8bit):5.343640613960191
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:384:1iGCy0TgJHpkTJHw54ViI3mI3zgK0wv1hkzwzHd+p7/LzEqN:4c+m+MKT1ezcGz
                                                                                                                                                                                                                    MD5:8AA7044E6E2886DE8C91B3FE0BFB2BF1
                                                                                                                                                                                                                    SHA1:DE2E00D81F059AC11FD5D6A68EA45A3B731D0B25
                                                                                                                                                                                                                    SHA-256:3CD439DE9F748C728579CCDBBD72B9CAF79128F8449B9D664B291BC873155CE6
                                                                                                                                                                                                                    SHA-512:196212951DEBE4DC7F378E863A26F0374F96F2F1860C920552F350D803197A90C5F931EEB4EFFD0EDE979A1FFFAB94A83152059C9CE8A343D6A1B3181734791E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:Log file created at: 2024/10/25 03:49:52..Running on machine: 745773..Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg..I1025 03:49:52.555191 7892 Application.cpp:613] Product Version: 4.1.0..I1025 03:49:52.555191 7892 Application.cpp:616] FFmpeg version: 3.3~6..I1025 03:49:52.555191 7892 Application.cpp:616] Build commit: d0bcf25..I1025 03:49:54.977064 7892 Application.cpp:649] Activation status: Activated..I1025 03:49:56.602062 7892 WebContent.cpp:65] Load started: mode = activated, action = app_close, url = https://mip2.movavi.com/get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_close&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29789&os=win&act_key=..I1025 03:49:56.617686 7892 WebContent.cpp:65] Load started: mode = activated, action = app_start, url = https://mip2.movavi.com/get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activa

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Movavi\Logs\SlideshowCreator4\SlideshowMaker.user.WARNING.20241025-034958.7888

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):816
                                                                                                                                                                                                                    Entropy (8bit):5.28400344894325
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:xPcRneQW3zg+AhxNg+AGthtg+AGthtg+AGnFsoWkJ3fO:xP8+02+3thW+3thW+3nmoR3fO
                                                                                                                                                                                                                    MD5:6A42EB171CAD644C853B77B0CBC74E29
                                                                                                                                                                                                                    SHA1:11F7AF8BDD7726A2C61E7CED8D4876B06E658DEF
                                                                                                                                                                                                                    SHA-256:F386598BF4DA55B725EAB7A11430471D8A601E6642AD673B20643BFB2A676D96
                                                                                                                                                                                                                    SHA-512:AC340221E87098FA772F86923F09C4513F9A604DCD181A4E3E9D4C6883D1FD943FC15187214B8B7ABF41A36BB187618EAE9FD9C24E36EDB9DB0166E1E51E7AF5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:Log file created at: 2024/10/25 03:49:58..Running on machine: 745773..Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg..W1025 03:49:58.727066 8164 CodecHelper.cpp:204] No transform found (MF has returned zero transforms) for {00007362-0000-0010-8000-00aa00389b71}..W1025 03:49:58.773937 8164 CodecHelper.cpp:204] No transform found (MF has returned zero transforms) for CODEC_ID_H265..W1025 03:49:58.961453 8164 CodecHelper.cpp:204] No transform found (MF has returned zero transforms) for CODEC_ID_H265..W1025 03:49:58.961453 8164 CodecHelper.cpp:204] No transform found (MF has returned zero transforms) for CODEC_ID_H265..E1025 03:49:59.305197 7892 OpenglInitializer.cpp:331] Failed to initialize OpenGL. Reason='OglManager::GetOglVersion() returned unsupported version'. Failure count=0..

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\SlideshowMaker\Movavi\slideshowcreator 4.1.0\SlideshowMaker.ini (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):38
                                                                                                                                                                                                                    Entropy (8bit):4.326360407952696
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:1EedR1Qyov:1TM
                                                                                                                                                                                                                    MD5:AF8A13F3FC5741E9919648162264CD6A
                                                                                                                                                                                                                    SHA1:058A14C8D0B59E3FD1FB79908209604482B73FF1
                                                                                                                                                                                                                    SHA-256:DB0DD74B48CD9CE4FEA9E40EE0C3347991AA86C5D26F49F953EC96D3C85B3CC2
                                                                                                                                                                                                                    SHA-512:A6F59309AD0D604C4E0E69EF4F30111BFC4419EC4F849A221098186893827BC0D3389574756F470ACE094479CF726A4C53D60BD158FEC0B4489CE366270B9614
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:[General]..7888=241025-034952-101697..

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\SlideshowMaker\Movavi\slideshowcreator 4.1.0\SlideshowMaker.ini.Hc7888

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):38
                                                                                                                                                                                                                    Entropy (8bit):4.326360407952696
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:1EedR1Qyov:1TM
                                                                                                                                                                                                                    MD5:AF8A13F3FC5741E9919648162264CD6A
                                                                                                                                                                                                                    SHA1:058A14C8D0B59E3FD1FB79908209604482B73FF1
                                                                                                                                                                                                                    SHA-256:DB0DD74B48CD9CE4FEA9E40EE0C3347991AA86C5D26F49F953EC96D3C85B3CC2
                                                                                                                                                                                                                    SHA-512:A6F59309AD0D604C4E0E69EF4F30111BFC4419EC4F849A221098186893827BC0D3389574756F470ACE094479CF726A4C53D60BD158FEC0B4489CE366270B9614
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:[General]..7888=241025-034952-101697..

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\SlideshowMaker\Movavi\slideshowcreator 4.1.0\SlideshowMaker.ini.lock

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):33
                                                                                                                                                                                                                    Entropy (8bit):4.635006998015215
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:uddqyvLogJI1Y:ufqyzogGO
                                                                                                                                                                                                                    MD5:AC2C9487C398D4BDAEB45691C59A3875
                                                                                                                                                                                                                    SHA1:704166358A85EE95CD504ACEE20DB39B85925702
                                                                                                                                                                                                                    SHA-256:69DCA4BED751DFEEAA0E78B02ADBC4C1906DDE65F95BDDCF79764D4C1EEB5E7C
                                                                                                                                                                                                                    SHA-512:F0FF2CCF65395E7AF6F20C74F6093BAA8E74E907390E2B511AB3054FB890ECE393C07236980A19D1E5F0831F8DF2C643888E4C4507FDC00B243468FD47D9BAC9
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:7888.SlideshowMaker.user-PC.

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\shallow\icons.ttf_0x0602541849C19734D8FE4B0357EF96AD.ttf

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:TrueType Font data, 16 tables, 1st "FFTM", 18 names, Macintosh
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):17372
                                                                                                                                                                                                                    Entropy (8bit):6.495131950326858
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:384:GIt1+g9anyxdW0bfQOHib4pD7CpbiAK8Di7TZDIc5DXR:GItJjdW0bfQSpp2bvuygDXR
                                                                                                                                                                                                                    MD5:0602541849C19734D8FE4B0357EF96AD
                                                                                                                                                                                                                    SHA1:F8059C6F4D69F99BEDE1953DD8E092D09A2A58BC
                                                                                                                                                                                                                    SHA-256:BC9A94815F9FBDAAC280F0793BF10EE347262EAF99F869BC1027E61C7DCD5BB8
                                                                                                                                                                                                                    SHA-512:0A07486F4D34CC3A3F1AF71F4C99DD12DD230CC36690DBA5A4A3B1002D1F5F8D20007D0AF43878C680824F47950BE9E4BA2A89FDA2227A3E9EC9670126FB5295
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:............FFTMp.^...C.....GDEF.r....C.... OS/2|$IB.......Vcmap%..........Rcvt .......4....fpgm...Y...H...pgasp......C.....glyf..r9......,Phead...".......6hhea.......D...$hmtx.7.i........loca].h....@....maxp.......h... namexUb6..=....<post...2..@X...>prep.k.........{........q..._.<..........,.......,.....U./.h.................R.j.Z./...../.................D.....E...............s...4.#.......\.......z.......z.......1..............................PfEd.@%..@.R.j.Z.i.....................M.......Y...Y...Y......./...Y...........Y...Y...Y...Y...;...;...e.$.e...Y...Y...Y...Y...Y...Y...Y...Y.......;...................................Y...Y...Y.......Y.........../...Y...Y...Y...Y...Y.......Y.../...........................................Y.....................................L...........0............%..@......%.............................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\ASSWrapper.dll\ASSWrapper.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\AccelerationTracker.dll\AccelerationTracker.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\AppUtil.dll\AppUtil.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Application.dll\Application.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\AudioRendererSDL.dll\AudioRendererSDL.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\BeatDetection.dll\BeatDetection.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\BitStreamFilterFF.dll\BitStreamFilterFF.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CaptureAVCHD.dll\CaptureAVCHD.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CaptureDShow.dll\CaptureDShow.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CaptureFactory.dll\CaptureFactory.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CaptureUtil.dll\CaptureUtil.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CaptureUtilInt.dll\CaptureUtilInt.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CharsetRecode.dll\CharsetRecode.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\ClientAPI.dll\ClientAPI.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CodecFactory.dll\CodecFactory.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CodecPolicyController.dll\CodecPolicyController.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\ComputingResourceManager.dll\ComputingResourceManager.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\ConfInt.dll\ConfInt.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Converters.dll\Converters.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CoreApp.dll\CoreApp.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CoreInt.dll\CoreInt.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CoreLocalization.dll\CoreLocalization.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CoreManager.dll\CoreManager.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CoreTime.dll\CoreTime.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CoreTracker.dll\CoreTracker.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CrashHandler.dll\CrashHandler.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CrashSenderWrapper.dll\CrashSenderWrapper.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\CudaManager.dll\CudaManager.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\D3D11Core.dll\D3D11Core.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\D3D9Core.dll\D3D9Core.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\DataBridge.dll\DataBridge.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\DataHelpers.dll\DataHelpers.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\DecoderMF.dll\DecoderMF.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\DecoderRAW.dll\DecoderRAW.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\DecodersFF.dll\DecodersFF.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Demuxers.dll\Demuxers.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\DesktopNotification.dll\DesktopNotification.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EditingScene.dll\EditingScene.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EditorEffects.dll\EditorEffects.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EditorImports.dll\EditorImports.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EditorLogic.dll\EditorLogic.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EditorModel.dll\EditorModel.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EditorModule.dll\EditorModule.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EditorOverlays.dll\EditorOverlays.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EditorSerialization.dll\EditorSerialization.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EditorTransitions.dll\EditorTransitions.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EditorUtil.dll\EditorUtil.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EditorView.dll\EditorView.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EffectFactory.dll\EffectFactory.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Effects.dll\Effects.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EffectsFF.dll\EffectsFF.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EffectsOgl.dll\EffectsOgl.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EffectsSpecial.dll\EffectsSpecial.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EncoderCUDA.dll\EncoderCUDA.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EncoderIM.dll\EncoderIM.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EncoderLossless.dll\EncoderLossless.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EncoderMF.dll\EncoderMF.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EncoderNVENC.dll\EncoderNVENC.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\EncodersFF.dll\EncodersFF.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\ExivMetadata.dll\ExivMetadata.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\FFWrapper.dll\FFWrapper.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\FilmMaker.dll\FilmMaker.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\FilterFactory.dll\FilterFactory.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Filters.dll\Filters.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\FiltersFF.dll\FiltersFF.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\FiltersOgl.dll\FiltersOgl.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\FiltersSpeex.dll\FiltersSpeex.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\GeneralMovaviTrackerWrapper.dll\GeneralMovaviTrackerWrapper.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\GeneralPlugin.dll\GeneralPlugin.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\GraphicsDecoration.dll\GraphicsDecoration.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\GraphicsFramework.dll\GraphicsFramework.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\GraphicsSvg.dll\GraphicsSvg.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\IMCore.dll\IMCore.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\MFWrapper.dll\MFWrapper.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\MQtDownloadManager.dll\MQtDownloadManager.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\MQtMediaUi.dll\MQtMediaUi.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\MQtMediaUtil.dll\MQtMediaUtil.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\MQtUi.dll\MQtUi.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\MQtUtil.dll\MQtUtil.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\MagnetizeTools.dll\MagnetizeTools.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\ASSWrapper.dll_0x9c87be1b0da41f7e00177872e117bde6.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\AccelerationTracker.dll_0x17d8a573293bae812c917cec0a682d26.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\AppUtil.dll_0x6d254b98c3313f4b7dc9bd0007559c52.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Application.dll_0x1b46f1bffa7eb06502de924891f9b4bf.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\AudioRendererSDL.dll_0x6940628eda835e7d627861574d737d8c.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\BeatDetection.dll_0xa073caf27a23524f0881ae6bbe24eb48.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\BitStreamFilterFF.dll_0xe4d5704c43e20ab6c9d13167d3c9c96f.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CaptureAVCHD.dll_0x149310ec883df492772ff2f696b6e45d.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CaptureDShow.dll_0xb25714d637f4a07a8eafec18c1b7a975.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CaptureFactory.dll_0xe650c38d05f71e2f45f2bd4de0c5afbb.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CaptureUtil.dll_0xa9e65ac62165bc41cf047cc1a9ba11a6.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CaptureUtilInt.dll_0x86ac148c66a7f1038392b36a81fee2ae.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CharsetRecode.dll_0xfcfadef434f1ed77f9d4a3c6c35ca0c2.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\ClientAPI.dll_0x5ffb30e2b0a0264b496fbb554e2d3136.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CodecFactory.dll_0x6f6dd1f7b2a8e059769293c275b669a8.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CodecPolicyController.dll_0xb790761ceacb68fee1d17b91a190527d.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\ComputingResourceManager.dll_0x82dd3a083b1ea1f3e449ab11f18abd3e.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\ConfInt.dll_0x4cde04ab03af7bfc1f65bc19470b62af.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Converters.dll_0x8f3321c68fec3057e8ffd8b4494a5bff.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CoreApp.dll_0x0f1b3b5c054c38ec7baf23636d7f0648.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CoreInt.dll_0x9a5f280d311f965ce371fa2940db53f3.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CoreLocalization.dll_0x4c44748c72802dde1847177c7c1778da.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CoreManager.dll_0x404e3a5f469483e4998f0f2fcb3fc9ee.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CoreTime.dll_0x51c396baec432d75dc5497f8c25066fc.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CoreTracker.dll_0x80ba7797c6ea677d9b4046a84ed79a19.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CrashHandler.dll_0xedac5ac6ab447d5f7a4405f8cca4cc20.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CrashSenderWrapper.dll_0x25b62397c9921503c1387b443c381a41.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\CudaManager.dll_0x96240e96bd3cc865e1a068b560181b52.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\D3D11Core.dll_0x41dc03e6b32d497bd997d41266f8ecc3.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\D3D9Core.dll_0x873ad5837497304387fbc9a1a3155dad.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\DataBridge.dll_0xda589016209d2acb4af2742e0d737655.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\DataHelpers.dll_0x9e98f088a9fb0d0c733afd15a84045f7.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\DecoderMF.dll_0xc0f1ff8dbea22a122b3cd32934bd9a59.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\DecoderRAW.dll_0x1711f4d9e59f76246817679eab5540b4.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\DecodersFF.dll_0x5687dad5e4a6088e3cb015e999a30e63.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Demuxers.dll_0x597823abb56bcf59c76e3a916e1e4a70.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\DesktopNotification.dll_0x087f237019eb62ecc1c20081b214c97b.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EditingScene.dll_0x6e608a0922ba315d81ddea2acc690203.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EditorEffects.dll_0x228fc62cd7664b34ffd8d2f3d9afefc4.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EditorImports.dll_0xd0deeab938cd1954e642d6030bd316f2.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EditorLogic.dll_0xea5c98bfff00dbf7151b06832622763b.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EditorModel.dll_0x70fa45b7cd812fb35b79160d3f30f4bd.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EditorModule.dll_0x09c5345f81c9de57781be550a796c690.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EditorOverlays.dll_0xf64a221314ad4c6d0c97acfac17eedaa.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EditorSerialization.dll_0x61e45714ca43d3d42e365e872d022148.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EditorTransitions.dll_0xc2588cb8c466c02396ed528c865c50c7.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EditorUtil.dll_0xc0513ce4a6f41815a69a37cdbe613a86.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EditorView.dll_0xb1dcd9956f2901d068d0dd514ea30a49.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EffectFactory.dll_0xf967899fb77e8d858e4725ab1fa80049.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Effects.dll_0xde5e9009d96031c7c0ea4bad1c03dca6.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EffectsFF.dll_0x1d514cb80f6f9015fd634c4ab1da2ec5.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EffectsOgl.dll_0x9d58fa42a98cf1a1b7cda9f881559f9e.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EffectsSpecial.dll_0xa7345aa342bfbaccec2927524e2a92d0.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EncoderCUDA.dll_0x303c88f6601e0a40bd62127b1ab23c99.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EncoderIM.dll_0xc481cfd216d553b6bbb9c3d34b8e3569.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EncoderLossless.dll_0x07da3e4902e8a49199209026995e0927.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EncoderMF.dll_0x551405d4b2f096ce5e0447ffd06edb09.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EncoderNVENC.dll_0x6bc650e1dbafbad063b376761ed9eb74.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\EncodersFF.dll_0xe19d480fa9b6888f64a173d9ab7880dd.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\ExivMetadata.dll_0x4743883d312d982e18e8ca7ca956767e.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\FFWrapper.dll_0x83905165245b5266f4e389c178dbc699.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\FilmMaker.dll_0x5518bcd4f6dc8af3f6ec1d9d86d551d8.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\FilterFactory.dll_0xd9bddde15bfed8554ab9a1e4a021d471.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Filters.dll_0xf095cc70d7a27cfc5cbd940c579ecdf3.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\FiltersFF.dll_0x868bbda9764c1a6bcc05e383cb1eff5f.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\FiltersOgl.dll_0x874c0a31a3089b6c65a452b692331e87.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\FiltersSpeex.dll_0xdbb6c86a6622a8d6058c808be7170237.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\GeneralMovaviTrackerWrapper.dll_0x6cfae67be639d103dcb4b645c4c5d14f.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\GeneralPlugin.dll_0xe8bcf641e5bf465d16a319277775f78f.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\GraphicsDecoration.dll_0x6056af762c01c4c5a4a98fc206314715.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\GraphicsFramework.dll_0x051468e93a840593072f6d61a013b967.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\GraphicsSvg.dll_0x3cf10222bd52a0caeea314e890716ec3.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\IMCore.dll_0xd6b939135608b17285c0dbd916a7ca13.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\MFWrapper.dll_0x2b34b6e98886a6d38d70703f9ae3fc10.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\MQtDownloadManager.dll_0x5283d2e2a55eef1344d08d0551848fc3.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\MQtMediaUi.dll_0xe5c0262105cad25487aa465aa24524aa.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\MQtMediaUtil.dll_0xccb4a3f4b5a259ba750c2b02ab4cb134.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\MQtUi.dll_0x7fe2abbd7e30b09e42efd004663ae119.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\MQtUtil.dll_0x76f6b7287cca35c6cc48604eec6081bb.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\MagnetizeTools.dll_0x3bcdfa43693054f64096de17f9ef08ff.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\MediaTypes.dll_0xd0c83fa44744ec3c5328d7084d62ad8d.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\MovaviAudIO.dll_0x17928647bf00089629a9c359b9d1c0a9.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\MovaviIO.dll_0x4b0a9a065674c5bdfed86282ef03949e.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\MovaviStatistics.exe_0xab9c2576f8b7ab93e98c5b6c0808fce4.1.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\MovaviTracker.dll_0x46c1f10ba0c4a551e82db44177338980.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\MuxerFactory.dll_0x69ed820e0a1ae58c192d72569c101f36.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Muxers.dll_0x97235855b43aaed9bd553b58968c24ea.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\NagScreen.dll_0x6b4aebecf4fd48d7126c547631cde7fd.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\OglManager.dll_0x3d572a1329176d927951751fd54ae211.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\OpenglSwitcher.exe_0x8a69250266c8b045b92f3fbac1600f13.1.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\OpenglSwitcherAPI.dll_0x1776ed6e0c3bef9eaadd89f8c461f29b.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\OverlayEngine.dll_0xd1a69c63645ba87b07dce690ffea5657.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\PackageInstaller.dll_0x3229e93861fc197a095fb764fd0909c0.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\PackageInstallerModule.dll_0xdb8f675c9bc1d4e684b4f5d4190bad23.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\ParserFactory.dll_0xa994acca6925d32867a4457fd779c0aa.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\ParserRAW.dll_0xaefdfe07fca33abe4bc214579d0691f8.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\ParsersFF.dll_0x7c12ddd03c82245485fce67fd04cf332.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\PatentActivator.dll_0x81ccc99cb06ed65aadd78aafd6feaef3.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\PlayerControl.dll_0x517ed09b79f680fd2580d2c3967bfa31.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\PlayerEngine.dll_0x2832f0d718d93627703691aad38cb930.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Policies.dll_0x969d0eb9536ca34d65369eab44a4658b.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Presets.dll_0xaaa981ef6a6f4159b42dde697449964f.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\ProcInt.dll_0xab1e458226ff71c80b2cb658a2c459ae.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\PubSub.dll_0x17103b207cc08eff5e6a393098c0ce56.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Qt5Core.dll_0xd4fc5e41be328a98c005a666272ce6e2.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Qt5Gui.dll_0x725e29e775b2b2dc947478fe01c8bf6e.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Qt5Multimedia.dll_0x260d25e98429cab896621a0e512f0f77.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Qt5Network.dll_0xadf29da8367e3ec830a51c38754a41f4.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Qt5Qml.dll_0xbd87b4cfeb393eb75ba3820492cd38b0.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Qt5Quick.dll_0xdd1911edf6e525414043017cc95bbd66.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Qt5Svg.dll_0x7f130e7034a9a56b5fed9f9c643cc52c.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Qt5Widgets.dll_0x9cd7925d5f4117e033370c21cb9587af.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Qt5WinExtras.dll_0xccbe4f933e831e0133e1237c8d9b522e.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Qt5Xml.dll_0x742c869308f7859e62d724080cb22113.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Qt5XmlPatterns.dll_0xcc6d3fe1f5a7b24eba2a2f088fc8d9cb.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\RTAudioRendererSDL.dll_0xf1cf7051e53cc69d242f6d34e86c7684.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\RTPlayerEngine.dll_0xda0127d377626dcb1f3951f3abb3dade.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\RTVideoRendererOGLQt.dll_0x5eb2a94a0080f3f9e5712fbd57243a24.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Resize.dll_0x9ab4ec08f957921a358e42b0ee91b598.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\ResourceUtil.dll_0x62c262dfd3daa2e290e71ab5006bc6f1.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\SDL.dll_0x16237942b0f25003a9e47baeada5fe23.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\SDLManager.dll_0x0d2def8ea416fe5c011611892ddd93f0.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Settings.dll_0x947beef11bf04034c0bbd247552d6bd1.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\SlideshowMaker.exe_0xb9563bc9a137423d873f79df83e26812.1.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\SocialProtocol.dll_0xfc6e7296227f9551cb57ecf176c64a2f.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\SocialWidget.dll_0xe5fb68eec778e594de263c8e39b2fbd9.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\StreamReader.dll_0x7e262b03147a4d7f2cf3c572b5921c31.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Threading.dll_0xdd04245832b67456ba60783b407e8daf.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\Tracker.dll_0xa43c099c04a821e923b90614bbcbca3d.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\TrackerFactory.dll_0x2e463267638655c2309f84cb0e5a59d0.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\UpdateChecker.dll_0x3b77a4223294d9706d88f69cedc63b85.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\VideoAnalyzer.dll_0xd06e5d5a829f23240712a8583209b50f.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\VideoCapture.exe_0x6d37f39f8ee8abc5989340c4c328422f.1.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\VideoRendererOGLQt.dll_0x3c5065085a242d67f6d7ff6f6222c7ae.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\WebBrowser.dll_0xf91042350df1acb63f78ba11400c0ee4.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\boost_chrono-vc140-mt-1_60.dll_0x69d68484c7d408aa788805b177cafaca.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\boost_date_time-vc140-mt-1_60.dll_0x85384344741bff72fafe68ca36100b01.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\boost_filesystem-vc140-mt-1_60.dll_0x81e6c1405fa663b0f81b965d594746bd.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\boost_locale-vc140-mt-1_60.dll_0xba76c699df7f7f74a757c7ba6f9a972b.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\boost_program_options-vc140-mt-1_60.dll_0xa431718bd609982c827d990e1fa19442.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\boost_regex-vc140-mt-1_60.dll_0xb29b61d72c7be00fee6f2b023d6847eb.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\boost_system-vc140-mt-1_60.dll_0x4c197ddea8325777df34986238b8dfcb.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\boost_thread-vc140-mt-1_60.dll_0xeac67583b698d0df2d4317e11915428b.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\boost_timer-vc140-mt-1_60.dll_0x9a728eb4667068acf4f0bf0db01fa1f2.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\glew32.dll_0x653f20d904fccc1276666ca8a62eeb6e.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\libcurl.dll_0x529392a35db394fad0f3e4cca0de922b.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\libglog-msvc-14.dll_0xc6ec001c6c55be0f26d7a187c556c3f4.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\quazip.dll_0x1b2bfe1c19bbf66d8bca1bdaa53bdb92.2.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Manifests\uninst.exe_0x1c667fda1733b2369820fe4d5ce3041c.1.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1081
                                                                                                                                                                                                                    Entropy (8bit):5.193567682639196
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:2dN4+BgQANe0iNK+bIgYyHYMPgisMW3icw:cyUgpiK+bIgYyHYSPa+
                                                                                                                                                                                                                    MD5:5F3031E657AC45870E6DE7CF9F49B435
                                                                                                                                                                                                                    SHA1:BF547E454E248BF8A3DCDCC747D704B58EB8029A
                                                                                                                                                                                                                    SHA-256:A15486AF70C3669ECBCCDA0E9B7519BFB8B28CF9BBF94B9205EC0C34EA6D2F12
                                                                                                                                                                                                                    SHA-512:85B6104C3A08F96582361E1652C1864C0C8BB524CA7F7FDEE0288A8685E3E5A0B3B59D98A087F9AA7710F4EFF9A3D2676AC64D3919E44002DE721B93F4AF5925
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32" />.. <description>Nullsoft Install System v2.46-Unicode</description>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" />.. </dependentAssembly>.. </dependency>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">.. <application>.. <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />.. <supportedOS Id="{e2011457-1546

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\MediaTypes.dll\MediaTypes.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\MovaviAudIO.dll\MovaviAudIO.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\MovaviIO.dll\MovaviIO.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\MovaviStatistics.exe\MovaviStatistics.exe.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\MovaviTracker.dll\MovaviTracker.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\MuxerFactory.dll\MuxerFactory.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Muxers.dll\Muxers.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\NagScreen.dll\NagScreen.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\OglManager.dll\OglManager.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\OpenglSwitcher.exe\OpenglSwitcher.exe.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\OpenglSwitcherAPI.dll\OpenglSwitcherAPI.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\OverlayEngine.dll\OverlayEngine.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\PackageInstaller.dll\PackageInstaller.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\PackageInstallerModule.dll\PackageInstallerModule.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\ParserFactory.dll\ParserFactory.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\ParserRAW.dll\ParserRAW.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\ParsersFF.dll\ParsersFF.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\PatentActivator.dll\PatentActivator.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\PlayerControl.dll\PlayerControl.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\PlayerEngine.dll\PlayerEngine.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Policies.dll\Policies.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Presets.dll\Presets.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\ProcInt.dll\ProcInt.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\PubSub.dll\PubSub.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Qt5Core.dll\Qt5Core.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Qt5Gui.dll\Qt5Gui.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Qt5Multimedia.dll\Qt5Multimedia.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Qt5Network.dll\Qt5Network.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Qt5Qml.dll\Qt5Qml.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Qt5Quick.dll\Qt5Quick.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Qt5Svg.dll\Qt5Svg.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Qt5Widgets.dll\Qt5Widgets.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Qt5WinExtras.dll\Qt5WinExtras.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Qt5Xml.dll\Qt5Xml.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Qt5XmlPatterns.dll\Qt5XmlPatterns.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\RTAudioRendererSDL.dll\RTAudioRendererSDL.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\RTPlayerEngine.dll\RTPlayerEngine.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\RTVideoRendererOGLQt.dll\RTVideoRendererOGLQt.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Resize.dll\Resize.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\ResourceUtil.dll\ResourceUtil.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\SDL.dll\SDL.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\SDLManager.dll\SDLManager.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Settings.dll\Settings.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\SlideshowMaker.exe\SlideshowMaker.exe.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\SocialProtocol.dll\SocialProtocol.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\SocialWidget.dll\SocialWidget.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\StreamReader.dll\StreamReader.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Threading.dll\Threading.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\Tracker.dll\Tracker.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\TrackerFactory.dll\TrackerFactory.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\UpdateChecker.dll\UpdateChecker.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\VideoAnalyzer.dll\VideoAnalyzer.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\VideoCapture.exe\VideoCapture.exe.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\VideoRendererOGLQt.dll\VideoRendererOGLQt.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\WebBrowser.dll\WebBrowser.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\X86_Nullsoft.NSIS.exehead@1.0.0.0\Nullsoft.NSIS.exehead.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1093
                                                                                                                                                                                                                    Entropy (8bit):5.218294530304438
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:2dN4+BgplNe0iNK+bIgYyHYMPgisMW3icw:cyUgliK+bIgYyHYSPa+
                                                                                                                                                                                                                    MD5:6A3FE4FFC2414776E6AE300B22C4E767
                                                                                                                                                                                                                    SHA1:FB3E39302FFF1D3C7908BCB9CC1E91B2C0FE99BF
                                                                                                                                                                                                                    SHA-256:5A4C655D951720F63EF470EC16CCA6C690DC528FD11707398A3541C632AED06A
                                                                                                                                                                                                                    SHA-512:69258E6C5976EB51096E94B77184C103123DCB960DE19F507A9DFF1D61EEBFDD8B2FB9FFDA489B67ADAA09FD09BE5A47CA5F8ABC9E4CDED0FE71B8700BC56D0E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="X86_Nullsoft.NSIS.exehead@1.0.0.0" type="win32" />.. <description>Nullsoft Install System v2.46-Unicode</description>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" />.. </dependentAssembly>.. </dependency>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">.. <application>.. <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />.. <supportedOS Id="{e

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\X86_Nullsoft.NSIS.exehead@1.0.0.0\X86_Nullsoft.NSIS.exehead@1.0.0.0.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1093
                                                                                                                                                                                                                    Entropy (8bit):5.218294530304438
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:2dN4+BgplNe0iNK+bIgYyHYMPgisMW3icw:cyUgliK+bIgYyHYSPa+
                                                                                                                                                                                                                    MD5:6A3FE4FFC2414776E6AE300B22C4E767
                                                                                                                                                                                                                    SHA1:FB3E39302FFF1D3C7908BCB9CC1E91B2C0FE99BF
                                                                                                                                                                                                                    SHA-256:5A4C655D951720F63EF470EC16CCA6C690DC528FD11707398A3541C632AED06A
                                                                                                                                                                                                                    SHA-512:69258E6C5976EB51096E94B77184C103123DCB960DE19F507A9DFF1D61EEBFDD8B2FB9FFDA489B67ADAA09FD09BE5A47CA5F8ABC9E4CDED0FE71B8700BC56D0E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="X86_Nullsoft.NSIS.exehead@1.0.0.0" type="win32" />.. <description>Nullsoft Install System v2.46-Unicode</description>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" />.. </dependentAssembly>.. </dependency>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">.. <application>.. <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />.. <supportedOS Id="{e

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\boost_chrono-vc140-mt-1_60.dll\boost_chrono-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\boost_date_time-vc140-mt-1_60.dll\boost_date_time-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\boost_filesystem-vc140-mt-1_60.dll\boost_filesystem-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\boost_locale-vc140-mt-1_60.dll\boost_locale-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\boost_program_options-vc140-mt-1_60.dll\boost_program_options-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\boost_regex-vc140-mt-1_60.dll\boost_regex-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\boost_system-vc140-mt-1_60.dll\boost_system-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\boost_thread-vc140-mt-1_60.dll\boost_thread-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\boost_timer-vc140-mt-1_60.dll\boost_timer-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\glew32.dll\glew32.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\libcurl.dll\libcurl.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\libglog-msvc-14.dll\libglog-msvc-14.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                                    Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                    MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                    SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                    SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                    SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x082C556205010103\sxs\quazip.dll\quazip.dll.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                                    Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                    MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                    SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                    SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                    SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\TFX53903.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:OpenPGP Public Key
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):4909
                                                                                                                                                                                                                    Entropy (8bit):7.572304541813266
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:kHQZ2ovK64SUXPJkJKCT8PDtvn3UakvxsUnp41q6k:vfly/qTIP5nOvJ2q6k
                                                                                                                                                                                                                    MD5:A35063F90CBB4D53E6FE3AEBEABFBEF7
                                                                                                                                                                                                                    SHA1:B296D21C604650A2A65CEF492A1F0E20B6292036
                                                                                                                                                                                                                    SHA-256:5907D2DD4EB62C58A7CA3E9A77AFAA7F17D2A585FE9DD0AFDC71EB3B9AF7D346
                                                                                                                                                                                                                    SHA-512:689CFDFE59DE3B1C5BA88230793F73CDEAA3F4FAEB9203F2D6F70B22C9733BBD522FA708E200D0A41B9351AF36DFE5D31F9D9BBF74D2BC0ED23B957DDACC2722
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:....e.>.Q.U...|........x..............6h1.]...t.i...U..Y...,m...Y......I..E<..l....D5..:....M....C..&:..M...d.)..C...;a........B...;..5.=.\...sBUO..UO..k\.X.UO....:..=...T...{C...:!.........T%..)..%.}.L.I.cd...........9..u....q.-.].D...k.........-..w....e...Q.....<w..S...z........p........1.....4`i.[%U.r....m..QY..4..........,A..C.5.j....LM..2..........K..$2).K..b.a..K...3..7...^...uJ=..3....u..A..K...2y.?.E.V...}K...2.......!..\...!..'.%.N...el}...I.........}....9./...Fxq.m.].........o....-......e..hQ.............:X..Q-..x........I1..<....i..DU.29..Y.m.p.Y..T...*..........S5.+*. C.M.k..!.S...+.".....)".R..++a!C..k.. .R...4./..=..0.Au.+.A0C...kLy?.1E..@....].A. ..+.!AC...km.@..%...A.}..vIA....+..@C...kv9O.....qN.]..w.O....+..PC.-.kw.Q..e..QQ....h.P....+.._C...kX.`.-...1`....Iio.<U.+..pCDm.k9Yp........K...2.~..5.+...CKM.k2..........J..3)....+.a.CJ..k3........A=......u.+LA.C1..k.y...E..]... .w.....v+m!.C..wk....%g.~....}f..I....g+~..C..hk.9....i..

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\~4066032673.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:OpenPGP Public Key
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):4909
                                                                                                                                                                                                                    Entropy (8bit):7.5713728825881805
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:kwQZ2ovK64SUXPJkJKCT8PDtvn3UakvxsUnp41q6k:Wfly/qTIP5nOvJ2q6k
                                                                                                                                                                                                                    MD5:0D575B3BD79308DD2AEACC3383F0685D
                                                                                                                                                                                                                    SHA1:1D9908BA6C2DAA5013FE5567BD691826A16C131C
                                                                                                                                                                                                                    SHA-256:A32D25A5882060802F856B4528556ED4E4594D8DD7C14F5542392082BC537799
                                                                                                                                                                                                                    SHA-512:3FEAE3DF1E34790B24C2F710B80125A585BF417E28F511B5441BA0E6B44AECBA318097C51E0728FFD08846F979915853CBCD834B404994A7547D477F6AA2A3D0
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:....e.>.Q.U...|........x..............6h1.]...t.i...U..Y...,m...Y......I..E<..l....D5..:....M....C..&:..M...d.)..C...;a........B...;..5.=.\...sBg0..g0..m\.X.g0....:..=...T...{C...:!.........T%..)..%.}.L.I.cd...........9..u....q.-.].D...k.........-..w....e...Q.....<w..S...z........p........1.....4`i.[%U.r....m..QY..4..........,A..C.5.j....LM..2..........K..$2).K..b.a..K...3..7...^...uJ=..3....u..A..K...2y.?.E.V...}K...2.......!..\...!..'.%.N...el}...I.........}....9./...Fxq.m.].........o....-......e..hQ.............:X..Q-..x........I1..<....i..DU.29..Y.m.p.Y..T...*..........S5.+*. C.M.k..!.S...+.".....)".R..++a!C..k.. .R...4./..=..0.Au.+.A0C...kLy?.1E..@....].A. ..+.!AC...km.@..%...A.}..vIA....+..@C...kv9O.....qN.]..w.O....+..PC.-.kw.Q..e..QQ....h.P....+.._C...kX.`.-...1`....Iio.<U.+..pCDm.k9Yp........K...2.~..5.+...CKM.k2..........J..3)....+.a.CJ..k3........A=......u.+LA.C1..k.y...E..]... .w.....v+m!.C..wk....%g.~....}f..I....g+~..C..hk.9....i..

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):1.498778124459133
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H01l:s
                                                                                                                                                                                                                    MD5:7EDED22D09271BE56EDF368AF94E55AB
                                                                                                                                                                                                                    SHA1:9B574EE3C866E0B325246611FC5C412B8B959806
                                                                                                                                                                                                                    SHA-256:E6E210FA821463797D690682617069C89BF858451534AE49DACB2176207DA32F
                                                                                                                                                                                                                    SHA-512:33A65406DF4F1318D8B2BA0C53A4C9F0464C5F5C6CD187A6513BEB2BC64CD9FBA4C8B0D0344DC0F9025FD5A0BB68FE7C7FE4425EC84A3175AE8CA731AB95FB95
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta.........................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Application.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00l2oHnzt0f:lMoTA
                                                                                                                                                                                                                    MD5:8B16697E1404D2A85FC21FB6CFBEBA38
                                                                                                                                                                                                                    SHA1:28F197C51CD1B046F017B4ADD08FC0EE293B7C15
                                                                                                                                                                                                                    SHA-256:ACABC6D7C0593E701501BE6322C313D4D6451C8955276E8F0AFD2913A07E56DF
                                                                                                                                                                                                                    SHA-512:C479DAE65D4E4B3FE867B29F0A50FEF32EB6850D52F1DCE6569B280764E4BD64E63CCD0C054C0A4BE21B2BF50387AEEE27A87D5BC299FAB31ED2DF9673A16E22
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta..........F..~.e..H....

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\ConfInt.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lhlOmFSHK:lA8SHK
                                                                                                                                                                                                                    MD5:9A12BCE2E47285DE6346B9C41EE4504C
                                                                                                                                                                                                                    SHA1:EC2D527CA08DD261CF4F8BA966E8B57C89B22584
                                                                                                                                                                                                                    SHA-256:4F14F96A01F183E409B5BE0B557E3684518962B6CA9E4474780A08796E177726
                                                                                                                                                                                                                    SHA-512:47A279D92DA12FC8EA73CFAE474D3A8749281B6574BE027C42193064C3B9EB59D360A4F45058CD91502FD1871A60FC8D3A61798803B5A6663E56C6AD521B3F4F
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta.........L.....{..e..G.b.

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\CudaManager.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00l7BnYV:l3YV
                                                                                                                                                                                                                    MD5:F154FB5A9585756CFBE8D57FD172FCC8
                                                                                                                                                                                                                    SHA1:5904450F0E7BEBDDBE0628EB47CB8ABE58A375B3
                                                                                                                                                                                                                    SHA-256:A0A9515EF3252C04163054C5815B31561A0F4D9DB7E56815607A71349A984663
                                                                                                                                                                                                                    SHA-512:470818F68E5567B5ABB21D6DADE7E3F74708F3276CAFF710BF1A5F828BAA52F2F89B2C8AC6AD94C2B50651C5D18F0DD30256956E2A4EFE421B649963AA89C3C1
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta..........$...<.e.h.`..R

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\DecoderRAW.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00l60f4OQR:lA0AD
                                                                                                                                                                                                                    MD5:70EA50240C652032752338E127E6FAE5
                                                                                                                                                                                                                    SHA1:0A964123B20FD9777820F366B87F73EDD5D7AE7A
                                                                                                                                                                                                                    SHA-256:06237D0EC95092B823ED94BE55A91FAB2B8D6860D08896840DA734AF76C4EC67
                                                                                                                                                                                                                    SHA-512:04CE2265A6681AC381631A1342BE140D62840B45AD4B3FBBAEFE20C8925A286A691BA7C408916ECBFF68EAD1EE5167FA76F44F22573A66D79FC47732F700CC70
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta..............v$h.g..U@.

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\EditorLogic.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.0625
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lHp:lv
                                                                                                                                                                                                                    MD5:4F7EE9DEFB63D010EE8AF7156D27A10E
                                                                                                                                                                                                                    SHA1:271835F22938657B78AA88069C1CC45A2D52D814
                                                                                                                                                                                                                    SHA-256:98CA3587B1AE967D55D49362E7D968A8127A8EB3D34583B438482ECAFFA3B2DE
                                                                                                                                                                                                                    SHA-512:2DFB397CC9266A814D58EA6E83602FA4D121E632EED71C0F7FDA2FAEB6EF4825F80135417FEBFCEE8B9DAD20CE3CBCAAA76A0DC4AFBC24DAB4ED9E9FD596AA7A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta..........\..........&"v;

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\EditorModel.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00ldfgSGC8:lfgY8
                                                                                                                                                                                                                    MD5:65B40E5A962B578B88E1C4D5316C4765
                                                                                                                                                                                                                    SHA1:1E77D8F67913DDF14A0421485B99FCCDC5DB44BD
                                                                                                                                                                                                                    SHA-256:B7FD48B93F59BD8A94A9BA94C083BC23EED12B1A2BD29CEA3E873AF2E4CAEEA5
                                                                                                                                                                                                                    SHA-512:2F446D69E4B171DF170DF446DE81549F617CC8B1F7915C8489C47277CEAF6EC8533564E93A90BD07687B0B215AF456C64F0F941644C1DC152DD10AC1252E5129
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta.........p.E../.[y..?0..

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\EditorModule.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.198391110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lkgRRRIzJn:legRUN
                                                                                                                                                                                                                    MD5:FE68674649161788D340522C975A594E
                                                                                                                                                                                                                    SHA1:EC51F06828373F759C0A9BBB357DC8C5B78ABF5D
                                                                                                                                                                                                                    SHA-256:694B021E49F9C8B21EC4277A496370A1600E9BF8123040F4779E1C1802C000B3
                                                                                                                                                                                                                    SHA-512:B2115084F90A7FD6B80B1CCD012AC5511407CCD8DCA4B6B9585E14707C75FDB89A18AF599BFCB7C4EF95FBEDE089AB2A07AEADFC0212F198DD27F8AAB6D8CF03
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta...........4_...Wx..P...

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\EditorUtil.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lt0Z1ajajn:lQ1aEn
                                                                                                                                                                                                                    MD5:3700889576D0089BCA927230758B7A37
                                                                                                                                                                                                                    SHA1:51A837C2834F9239FFCC25D07DD072F230BE1DD4
                                                                                                                                                                                                                    SHA-256:3B172FA91D7D720B28098CC743AE69121F477C0E0EFE646A1A5FB4950AF6A4DF
                                                                                                                                                                                                                    SHA-512:A2A2A38E12A10D2799BA287F5008F07CCCBDAF0F5A46AAD0C2F0F06AF9CC9D8BB3B8D4911A3BB65B8DCCE8071227784A370B8E9CAC0772DA29B7A33F4290257F
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta..........Q<......7.a:.

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\EditorView.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.112300876357291
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lc58wXkV1h:lmiw0Lh
                                                                                                                                                                                                                    MD5:EC12BAFA97B1C899B8E1D02990011D3B
                                                                                                                                                                                                                    SHA1:53FBD03052BB242F2922B404F9298DBACDF817E7
                                                                                                                                                                                                                    SHA-256:96A6499BC4330FF5FB994EB2019FDB2C2585D704F9E814E8A5B979D69FB40EE3
                                                                                                                                                                                                                    SHA-512:E146084C2145AD5FE0330B0D738CD3EC65F7A6C94363497369F773A3F617A5A496DE547B65EFD48614390C89D653DA21409FF3CF51FA1730D55EED73F90BBD56
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta............o)..h..QN..I

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\ExivMetadata.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.198391110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lqnzZ+:lQnzc
                                                                                                                                                                                                                    MD5:655AAD3B62AB60D8156514521E2D91F3
                                                                                                                                                                                                                    SHA1:2A2D04CB321E946755C44A2BE30ABE2BC43DE4A5
                                                                                                                                                                                                                    SHA-256:ECBC0E4926C4EA278A62D3612773C39946E2D21A57A302FB49CFD46E99637045
                                                                                                                                                                                                                    SHA-512:11658472087386FB833236971ADAE56A62404A814068DBF2E628E68D33E83A715115639A1166DDD28950481A7693AFF8575EDB8FED9C8C47A40AE861EA143B1A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta.........GC.=1-.....|.Vv~

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\FilmMaker.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.198391110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00l49dUd9:lCcd9
                                                                                                                                                                                                                    MD5:F2E8935F1E985F229854B15E3D53E3EC
                                                                                                                                                                                                                    SHA1:4741DE921B01C1348F1DEEBE057AEBD93180D033
                                                                                                                                                                                                                    SHA-256:A68FC0E4CEA075D42BDCB63DED4A34F4A6BF0B5E4065295727D97A249CA08CAF
                                                                                                                                                                                                                    SHA-512:3EA8898B93E6DFBDE6357F4445230E6854D7448B0303D8B322E76AF0D7CA551C392D1E04512283436D0417FB47DA2B2D6C39222CD3059B98ADB365EC40359D01
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta.........U............Q.

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Filters.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00ldwpiHkW:lci/
                                                                                                                                                                                                                    MD5:365D75C410A59C13B7B1ACE2EC3E420B
                                                                                                                                                                                                                    SHA1:33411B9CC64C7C4E287765900F5F8F91DC493BCB
                                                                                                                                                                                                                    SHA-256:356A88D8EAFD35B36B2CA8EF2E3A92D8AEA7A9A43195C6F464D2706761E3CD5F
                                                                                                                                                                                                                    SHA-512:4E172E7DB72096CBDBC15C1FD03386556E87D85F2E6694DD34B00147E348DD33F8510EF2F0907FCDA11376114BC12268A3305FFE54422855ACF46C52F382687A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta...........p.|.\...W...

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\GeneralPlugin.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lFZo/j+r1q:lRoS0
                                                                                                                                                                                                                    MD5:867BB13E4FC26ED90A09A8002B343987
                                                                                                                                                                                                                    SHA1:A3DF12BA272B2E292C170463F5344017F2BA58EF
                                                                                                                                                                                                                    SHA-256:7B24F126A620ABBE7EC2D33803A3E045644C0070572F6E438CA6A97DCCE3945D
                                                                                                                                                                                                                    SHA-512:0D9B5B3DDAE768982150416946F3B27ABA44334F382FE13A5B4666BC632DBCB46B9AD2A90AE50ABC2DB11E4EA84F474ECE54ED9DE33FE6F9EFBA5C75A25ECF59
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta...........A.F]...'wu..

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Qt5Core.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00l5ehoDCV:lSCu
                                                                                                                                                                                                                    MD5:E415257AD7102981109120AC84CFDDEB
                                                                                                                                                                                                                    SHA1:84117081D4615F288D10DE116B0D06DF2D94800B
                                                                                                                                                                                                                    SHA-256:1C14376809D264F0502F53442226F849413169F6D3E5E76319A669318B7AF279
                                                                                                                                                                                                                    SHA-512:43EE73FCCDC0B4222C4646EE95982022AA6BCB54377B72A0576B3A373D1B7C0FB54A0A9D3E69EE4395DA231834C477B344D19A942E520BF1B5C970F34097D531
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta...........^A.2.....f',..

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Qt5Gui.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):3.987300876357291
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lfIbDLn:lab
                                                                                                                                                                                                                    MD5:7081534A844C3E4BCDE7244E1EE432F1
                                                                                                                                                                                                                    SHA1:42F71584ADAC9DB64325C9F4C595D5E9EA2451D7
                                                                                                                                                                                                                    SHA-256:EDD5D7CDEB602F9FD7B6A0403331EE8197F6F097F269F47760FBA0D21E01BAA4
                                                                                                                                                                                                                    SHA-512:F148963F1FC911A0B47560E49BC1864D62152FFBA9390F7001C70B9086652F443E0C9106A3310C670D3F8553662B155A1F320522AB8546FF06260793081BD53E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta.........r^).u...tx...n

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Qt5Qml.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lQy1cbegn:lqy1cbeg
                                                                                                                                                                                                                    MD5:6881E699A7227089935DE7E31796070D
                                                                                                                                                                                                                    SHA1:DCCBF81F163199725C8A58B565AFA8BC91129826
                                                                                                                                                                                                                    SHA-256:C182A1837EE8D6CB135DCD123289EFAFFAF535F0744E40D02DDF59330A4913FB
                                                                                                                                                                                                                    SHA-512:58235827A0FE9443992C0648EAB3D368558D25AA1AA98F85429BEAF6F60F1C9199FD55F5953F6C1A20CCC5B608247073D67143E8822FE097A29AF1DD857F8307
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta..............9>.[.....8.

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Qt5Quick.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.174800876357291
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lw80IMxs+u:lK8xMq+u
                                                                                                                                                                                                                    MD5:EF02F3EE664F831FC1EAC885D7AF7E3C
                                                                                                                                                                                                                    SHA1:8E40B0375A4AA712DBDAF6CF78F0A1D66F5B6D41
                                                                                                                                                                                                                    SHA-256:62F2CB8E56CCC2C3FCC0E0C9AD164781B3A51A75AB545B9BE5E71C423D240043
                                                                                                                                                                                                                    SHA-512:4EF05BBCC7849B1A79E085CBF3E5093E52C9FD6D62EAA96CE07777E4650A5BE44A574237EAA6E4FFCB7768BD43F99F4342A14B0D5B9901B20E6780FED2698843
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta...............%A@C.|.[.f

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Qt5Widgets.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lxLpn:lvpn
                                                                                                                                                                                                                    MD5:6F5BA66370BE4B85DE5080A031587268
                                                                                                                                                                                                                    SHA1:497C5E7725429417BB3AD06F8243D494070E39E1
                                                                                                                                                                                                                    SHA-256:FF6DD15032476399FD9A3A4886A181444D4143CB0CC7AD533D6F121909BCC461
                                                                                                                                                                                                                    SHA-512:12D6E9E8DB957A989C3633358424EC65FB959F06543F1095BF11E7CC854B3DE735994D13DF85D0ECB1B5062285900BAD53190FAE799C26DEE2C1701591027D2F
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta...........]_A..37.!...

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Qt5XmlPatterns.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.174800876357291
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lhIa1W/n:lhq
                                                                                                                                                                                                                    MD5:C57874B12E725681ACDC3AF496EAA633
                                                                                                                                                                                                                    SHA1:390E1A681D31F85237BE3A2E68542E8DAD8CBCD3
                                                                                                                                                                                                                    SHA-256:C6876E0CC3FED68F645229A128A9E4E6EF21F072EAA16BC6E2BE95052389F1FA
                                                                                                                                                                                                                    SHA-512:E02145E6B7D46C6CEDB3A8AE5FC833DCB28D9D2F47EFF55F5B7922F0005342225F81BC177D0C6B6EDFEC26D4929BF33E6487D1B753E27F93D110EDDC8E6973C4
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta..........m?....N.*/.....

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\SlideshowMaker.exe.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lUzesj:luysj
                                                                                                                                                                                                                    MD5:02AF394A4CB4C675C9D0172F2F3F81EB
                                                                                                                                                                                                                    SHA1:A562CE0E61137D26D4556675C5A7FA2E46DBDA43
                                                                                                                                                                                                                    SHA-256:95D0928A6B1EA73FAA555D543C4CD590E02FA18DD55E42878E94AF1ED60E51DB
                                                                                                                                                                                                                    SHA-512:E835C64823ADF32967EC073A0D5B43908708403B0A2E98C7D365A9EC181991413C2D74C162C44EACF152602678D650DFAA641EADD0A17B9D499C9A5EEBCCAC92
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta..........V;.7B=.?y..h.

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\VideoAnalyzer.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00l9L4/nO3N9c:lr4/gq
                                                                                                                                                                                                                    MD5:5153857ED1A7A5AFD50E9B4FA638BFD9
                                                                                                                                                                                                                    SHA1:92469C59E976CF99C69F39BEB3AE5CC7743B4523
                                                                                                                                                                                                                    SHA-256:6A33D0497B59E02ECE79AE7FD6626E13209A74F0ABBF29418EE80619D7A15CA7
                                                                                                                                                                                                                    SHA-512:9837002F7BCE8729FE6D111B5A921021772373CC37189F8DCA8B5820856E3C67770D2505A3C97B9C7BA4A8DECC5E51E3C2D740B79A988CFD38BCA838DBD5019A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta..........n]Z..#$...X2...

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\avcodec.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.174800876357291
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lSIXZan:loIXZan
                                                                                                                                                                                                                    MD5:C57124A3A09867156827B48240C1E804
                                                                                                                                                                                                                    SHA1:486BA5DD340D0391F15B1FAC050CE9B552B99C70
                                                                                                                                                                                                                    SHA-256:BEB3262B6CEE6FEE3143D1F89CAC22DC2C8ADE03B6D2E1F34FA4CD08BCBFE97E
                                                                                                                                                                                                                    SHA-512:2D9294AF967979C32D0772E9BCF0109AA3703AD1AD016399723935654BDC10A60A533A1A5F16F1B4EB5176D51FB8361CFA9D5C88D6D96453DE2250D9A845A632
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta..........m..{...&..j..

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\avfilter.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.198391110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lTO3FhAgO:lk17O
                                                                                                                                                                                                                    MD5:1D6F60A6AA7DC9DF8F89DFE699B9CC59
                                                                                                                                                                                                                    SHA1:75658E5EA54DF91348FFC866BFC82BC5D2CB0190
                                                                                                                                                                                                                    SHA-256:729A57E0B0397F4BAFB0CC70038A269B93B2D08634B2F8BA13DA2E6D83F1DDA8
                                                                                                                                                                                                                    SHA-512:40573D9C6CD5DEECE4015BC6F95AC1C9FB6F15226FF5B96AC04F1ABC75101E46B39909F44231F9433379D59742134A5EA9DDCE875607989F28864A47354744F5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta..........e....U...9.....

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\avformat.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.198391110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lK7w4Ln:lwU4Ln
                                                                                                                                                                                                                    MD5:EFDE797879C38D28A5C37C490F5613E7
                                                                                                                                                                                                                    SHA1:08A77BF62EB2DC19495190BF9167718F60B9A26B
                                                                                                                                                                                                                    SHA-256:B1A9130E65878585D30C0735A954DD6082FF43DC9C2BE3CE7E79997F802668AB
                                                                                                                                                                                                                    SHA-512:6F88700C0B5EDAD12AC5AD4A8EBCCB7D08545C63310D93CCE4B8E010913D9A531ADC1FCA7272ACA8062F2A3AA17EB4FD469BD780E25D14DED2997FF5C80819FB
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta............@a...V=../2.4

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qgif.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00ldpI9ztXuNVn:lpIDuH
                                                                                                                                                                                                                    MD5:AB49EC7B3B8ADB9D6F29DC107FF81CC5
                                                                                                                                                                                                                    SHA1:8DC2DCA800BF99B48E86C2EEE289FAA3E1A3892B
                                                                                                                                                                                                                    SHA-256:D118484FC6E778B8ACAF28499E10243810906B55829C6BF7913BD07AB1BBC334
                                                                                                                                                                                                                    SHA-512:D487F62DA31CE07B668B764ED76525F98AAB7FECBA707E3987C099018DE042BCBC4114B890A74BCBFD5422A71AE3702B1417E4EB5A56CAAC089D9D41F13E26F1
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta.........p.$T.{G...Or.D.

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qjpeg.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00laquErmk:lgquEyk
                                                                                                                                                                                                                    MD5:8CFA0638459DB6DB689F81C1FC97C075
                                                                                                                                                                                                                    SHA1:878EB0B46FC4C6CD7F30388559CD8A6AE0EBEAEC
                                                                                                                                                                                                                    SHA-256:694D64A21EEABD25A85FE3ACF627DC294E8B8426DEA52515361A33F975C6C48C
                                                                                                                                                                                                                    SHA-512:FAF9E9A2C21C408B5F020608A0F413E60EE84C489E1ED09644E11E79098F437C01BA37746ED9C03BD6E0096E2421E47135C2896E5FE25F5C67FA2E153F0DEC9A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta............KwR..n....*.+

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qtiff.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.198391110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lrvEOPu:lJ2
                                                                                                                                                                                                                    MD5:9C3E4AA6A36A7E5B86123592BFC01324
                                                                                                                                                                                                                    SHA1:6C3C1BB7EFC89C2F8888A8278501C8E9B88D1D20
                                                                                                                                                                                                                    SHA-256:26760DD7529F0DB8F418AA1B3FD59AA79CD6AD5D9537C3AA89EC60D95984BEB5
                                                                                                                                                                                                                    SHA-512:BADA79C8592F06F421ABCB9321D97ED52F0EA72D802B58102244B997D2714CD8102BD00585CA09E7AA81FACF0C6B589B384A29D83ADF39B4CF6585FEEC8F6D7E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta...........`~....|.....

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\libass.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lp2aDrSD:lbKD
                                                                                                                                                                                                                    MD5:590553401CC62BBA2C3180F51287D11A
                                                                                                                                                                                                                    SHA1:494CE17FAF1555F1B58D1E0980AA96F0963F8B01
                                                                                                                                                                                                                    SHA-256:5E32132D138ECC49CEBB6E90F488B0E338F9F202C00148D7187CBF506168108F
                                                                                                                                                                                                                    SHA-512:C087A2BCF2A73429C7631526B30F6AF851EE092C21675211139AE6AD90A27D1EC1E86E2AA4463D6A0E84B6344A21E794F898D4A758611031B15E4208C7721593
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta.........D.&cf.....=.e...

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\libeay32.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lyEw7TZ:lIEwPZ
                                                                                                                                                                                                                    MD5:4F1585068A3A6C78152C57EBEBDF3C9A
                                                                                                                                                                                                                    SHA1:796478622A1E974984C9D067A5ADE40FA84614C0
                                                                                                                                                                                                                    SHA-256:83C81746F7065C2B5E49D08310E61FFBC70A2286966CBD57F3E78A106A9729E0
                                                                                                                                                                                                                    SHA-512:66517A051B9DE200BD31EEF88B2F938EA52DE09B69CA746C7490506BCC937C6812E4E0C3292139E3630ABE646177B2D70ABA9FD2C570990AF4F93A3E188D0FBC
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta..........aZ...b=y.v..4.

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\platforms\qwindows.dll.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.049800876357291
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lq8obCx:lQF+
                                                                                                                                                                                                                    MD5:DEB83F8ED1B63E6352B95DDF77403F93
                                                                                                                                                                                                                    SHA1:E69DCB790341CA9D52890FC8173965925E5F03BF
                                                                                                                                                                                                                    SHA-256:9EFCCD9ADF774083D9C85E6BA4710596FDF89C191B751BA494A7CA16B98B7091
                                                                                                                                                                                                                    SHA-512:21A0296DBE0CB96EB3A12E515F455F6ECC2312547781A8A6F7AE7D6132558F4FF5BDAB29548AB3C73CBC852CB5C51AB6D0B3928DEC887A1F4A2161291B2B1524
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta.........G\.........mZ.Z]

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\resources\themes\Default\VideoEditor.rcc.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.198391110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lpz3wihS:lIig
                                                                                                                                                                                                                    MD5:A912FF91BEE41ECF4C0ADA49F0B007F2
                                                                                                                                                                                                                    SHA1:C07AFC11D5201A0ADEA21C75FE9789923FB42F40
                                                                                                                                                                                                                    SHA-256:7A0B3390C8753BF988B046D9D17CA9F98E29C4A26D3E135F92008FE2414FABE1
                                                                                                                                                                                                                    SHA-512:326A3AA6FA8A2EBD678065F205F8A08D8C53758A1F7CB3DAA93859C0742BA3433D42D14FFCE73908C6770EE23DA2F1BD9D89A429F5770ACE08A5F7DB6225A549
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta...........<d...RU)....

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Application.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):4400136
                                                                                                                                                                                                                    Entropy (8bit):7.438866529966472
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24576:YGMpqQOZCv82s886iugAxhTglzTMn3JXMiCHGj010Q+MQN/kkRhe4Y4Y4Y4Y4Y4p:SpqQOXxAxhTgKlMeMQ5x7f35d
                                                                                                                                                                                                                    MD5:1B46F1BFFA7EB06502DE924891F9B4BF
                                                                                                                                                                                                                    SHA1:4CFAE9571EDED302D4B1F4C2FBF540C6E835297B
                                                                                                                                                                                                                    SHA-256:20C7EB26D2562A20E4BC4D9648C32330179F1036759DE28371B6BC0E19F7FEE0
                                                                                                                                                                                                                    SHA-512:F89734D87E240984DC3945793181EB5F3BA7B7D253E667F154C4ABFFD58774A0FB821E9F5B0315F3537FDD0F9ACA1D6C4D3AD2F1094BD5DD53F8D95B62462DBD
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......XLCu.--&.--&.--&.U.&.--&'s.'.--&'s)'.--&'s,'.--&'s('.--&.t,'.--&...&.--&.s,'.--&.-,&.)-&.s('/--&.s-'.--&.s/'.--&Rich.--&................PE..L......Z.........."!..........7.....n........ ...............................`C......[C...@.........................._@.<...,.@.D....`B...............C......pB.......>.T...................d.>.......>.@............ ...............................text............................... ..`.rdata..6.6.. ....6.................@..@.data....R....A..F....A.............@....gfids..L....@B.......B.............@..@.tls.........PB.......B.............@....rsrc........`B.......B.............@..@.reloc.......pB...... B.............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\ConfInt.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1102856
                                                                                                                                                                                                                    Entropy (8bit):6.490996449178343
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:tLjYErwpntR5wuos3TtmizH93LR1dXHwQGmzkDY3rgEju+3An24TKxW+a:FlrwpnMsDtmizH93LJzprnjTk
                                                                                                                                                                                                                    MD5:4CDE04AB03AF7BFC1F65BC19470B62AF
                                                                                                                                                                                                                    SHA1:E9971523D0D51BC2868969C65009F55FB23B44E1
                                                                                                                                                                                                                    SHA-256:FD4A5961C372D0DFA065745D3A512E95000011C59317E4E407F15E2B67B6486E
                                                                                                                                                                                                                    SHA-512:AB2C71CC3111681A20618880CDDB4FD3EB96463C1CB8BE3DC23C5744903877D66E98A8B9A9AFA8997BA85B2F7579052A1762295343DF94B9220692C86B5F02DB
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ,T.dM:.dM:.dM:.m5..hM:._.9.lM:._.>.oM:._.;.`M:._.?.sM:...fM:..;.`M:...;.gM:.dM;..M:...?.uM:...:.eM:...8.eM:.RichdM:.........PE..L......Z.........."!........................ ...............................p............@..............................~..,\.......P.......................`.........T...........................H...@............ ...............................text............................... ..`.rdata...a... ...b..................@..@.data............:...t..............@....gfids..L....0......................@..@.tls.........@......................@....rsrc........P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\CudaManager.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):134152
                                                                                                                                                                                                                    Entropy (8bit):6.449969494940418
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3072:+aBeaUZYYYIYddbqWKp9A+OCSaJDbh1G3L:+aBeaU2HKrOGJ4L
                                                                                                                                                                                                                    MD5:96240E96BD3CC865E1A068B560181B52
                                                                                                                                                                                                                    SHA1:0B710B5FB99D724811CDD5091E750E319C8E870B
                                                                                                                                                                                                                    SHA-256:1425FEB675EFD8505F76E1B8290919B979AB0D4F6563A2412C1D2990CE0A98C3
                                                                                                                                                                                                                    SHA-512:09B4436CC28834C943068B7BDDB246A5F8CCA6DE2933FD9153E44999CF63E3BFEF916131F14FF4D722E6B3ABF46C6E01260D4EDFE18A7B611DD01E48FA5B784C
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........4J.gJ.gJ.gC.;gN.gq..fH.gq..fX.gq..fA.gq..fN.g./cgH.gO..gK.g...fN.g..fI.gJ.g..g..fK.g..fK.g..fK.gRichJ.g........PE..L......Z.........."!.....b...........M.......................................`......vR....@.............................T............ .......................0..`%..p...T...................$..........@...............H............................text....`.......b.................. ..`.rdata..lK.......L...f..............@..@.data...............................@....SHAREDS............................@....tls................................@....gfids..D...........................@..@.rsrc........ ......................@..@.reloc..`%...0...&..................@..B........................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\DecoderRAW.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1099280
                                                                                                                                                                                                                    Entropy (8bit):5.5107292249425095
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:NcIATiq8Z7rXLVRevvvIOTYGLDxpg80vkSmCkuDzThnWR:NcIATinXLLevvuGLD/g80vkSJr3F
                                                                                                                                                                                                                    MD5:1711F4D9E59F76246817679EAB5540B4
                                                                                                                                                                                                                    SHA1:EAAFB95E3DF688643B62F60A52ADCCF88EB4DE98
                                                                                                                                                                                                                    SHA-256:1E2E1DACC4AA34A98FC92993C8A6932784D11E185F2EB006F9F1D698C4CA6A58
                                                                                                                                                                                                                    SHA-512:6D0158605D3C523B6CF337963DEE982DC5518AF9CC233EF4477D82852C47177AE228B1456E9CC0BC1AC8BD7AFD971C1E620BE99FE85E4821C5DAC551949E81C1
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...ob..ob..ob..f...}b....[.lb..T<..ab..T<..db..T<..ib..T<..yb....W.kb...;..ib...<..fb..ob...b...<..eb...<..nb...<..nb..Richob..........................PE..L......Z.........."!.................c....... ......................................C<....@.........................Ph..$U..t........p..........................`......T...........................(...@............ ..L............................text...B........................... ..`.rdata....... ......................@..@.data...lH.......D..................@....gfids..H....@......................@..@.tls.........P......................@..._RDATA.......`......................@..@.rsrc........p.......$..............@..@.reloc..`............&..............@..B........................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorLogic.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):7768592
                                                                                                                                                                                                                    Entropy (8bit):6.313366131940976
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:GvF/i5AMBE9rqNeqqcp8lCIdtjHHiaTBrXPM5UeLOOEqB/vRP7xE0vsXrX5Kk4Th:mF/aAUExpdcp8lCYtrH3JeLAsPvMrX
                                                                                                                                                                                                                    MD5:EA5C98BFFF00DBF7151B06832622763B
                                                                                                                                                                                                                    SHA1:6919D9CB2DC1AC3565D21186D2141B8A59D752EF
                                                                                                                                                                                                                    SHA-256:C7F297FB4951975FEA9A115042E9D507007CDAC63DB6CEA07AEE0AE49E0DE7AE
                                                                                                                                                                                                                    SHA-512:6780AC9386D0ECC5DBB6788343B8C6FD0D2AA4CF2013E808649105159CF0D11E7052A57343613E5FD300C898F7A0C6E2E3761D64E7AE072551AD49CAB93D11E1
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#...g.|.g.|.g.|.n..m.|.\...n.|.\.x.l.|.\.}.c.|.\.y.q.|..w..c.|...}.e.|...}.c.|...}.<.|.g.}..|...y...|...|.f.|...~.f.|.Richg.|.........PE..L......Z.........."!......R...#.....~MJ.......R...............................v.....A.v...@.........................@.b.(...h.h......0p..............nv......@p.8...0.U.T.....................U.......U.@.............R..'...........................text...m.R.......R................. ..`.rdata..&.....R.......R.............@..@.data...,0....j.......j.............@....gfids..L.....p.......o.............@..@.tls......... p.......o.............@....rsrc........0p.......o.............@..@.reloc..8....@p.......o.............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorModel.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1288720
                                                                                                                                                                                                                    Entropy (8bit):6.177629919654217
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:ga7PQP6KNsGrbovClj9UeN4udUUW2wwxmmWlR8ddMSvac7EOZr0XaCLr22xUsSis:ga7PV3ptgnu
                                                                                                                                                                                                                    MD5:70FA45B7CD812FB35B79160D3F30F4BD
                                                                                                                                                                                                                    SHA1:14CED346D24A76A89C7CB5942E8EACCB91B3747E
                                                                                                                                                                                                                    SHA-256:B7B919A4D830C8A6811410BCF1585189F6107DC71C4DC9C52FDB8695FFA31B50
                                                                                                                                                                                                                    SHA-512:EF5A275CC3AA41A8BF5E730D799449FBA362B2096C5D171A8BFB8436EEA9D31302F416509B77F6879287349D53B0829978585CCC29AC960E16C2185BB9B5E500
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8%YT|D7.|D7.|D7.u<..zD7.G.4..D7.G.2.iD7.G.3.wD7.G.6.xD7.....~D7...6.~D7...6.wD7.|D6..D7...2.zD7...7.}D7...5.}D7.Rich|D7.........................PE..L......Z.........."!................................................................u.....@.................................H....... .......................0..x.......T...........................(...@............................................text............................... ..`.rdata..............................@..@.data...L....p...|...L..............@....tls................................@....gfids..D...........................@..@.rsrc........ ......................@..@.reloc..x....0......................@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorModule.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):4163080
                                                                                                                                                                                                                    Entropy (8bit):6.292109648962723
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:sewPFrw9ZfdTy4pd8BCLzoOImwvl+iawZre:twS9HyBCLEOImwvl+im
                                                                                                                                                                                                                    MD5:09C5345F81C9DE57781BE550A796C690
                                                                                                                                                                                                                    SHA1:00F7DFEA27D514BA04218CBEF84B7F0519AD7BB1
                                                                                                                                                                                                                    SHA-256:F85CBCF8B855D9D04CD6B3F0C599A3E2AD75546336ED611CE7B1C9BC1ACC0A7A
                                                                                                                                                                                                                    SHA-512:A88398C739036D9F7B6558DC255EE8372915F9B6098AB7FFD1519FCC1EC5592C72B23B99238DB10583A95396F9C6D5EAD7C4EA6FFA24E02801993A8776C85AD0
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...oa.oa.oa.f.P.ga.T?..ha.T?.|a.T?.da.T?.ka.....ka..8.ka..?."a.oa.Kk..?.(a..?.na..?..na.Richoa.................PE..L......Z.........."!......*..z......n.&.......+...............................?.......@...@..........................z5.x...H{5.......;..............j?.......;.......-.T...................T.-.......-.@.............+.P)...........................text...g.*.......*................. ..`.rdata........+.......*.............@..@.data.........7.......7.............@....tls..........;......J;.............@....gfids..D.....;......L;.............@..@.rsrc.........;......N;.............@..@.reloc........;......P;.............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorUtil.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2213384
                                                                                                                                                                                                                    Entropy (8bit):6.366484054263376
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24576:O09i181EmdExCCBb2FHtu8HYs3c9Dw5+xUxaIiBjo:O09n1ZEYBFHtu8HYsEDwEHxBM
                                                                                                                                                                                                                    MD5:C0513CE4A6F41815A69A37CDBE613A86
                                                                                                                                                                                                                    SHA1:4C8A172EB8BF4CD3EE9E52A7076CF36D817C0942
                                                                                                                                                                                                                    SHA-256:56EDA6182C27B08E143393814708F6ADB6D33479CCF6F0C96254A8B69FF1235D
                                                                                                                                                                                                                    SHA-512:1E4A656D6434CD4801607F69926E5F39224B3FD27D56CB6221BB7E4ABB2DDC43A4376CAEB96DB4DF0524FA98716EEE10680FBF2EFC2DA2AE56D2F9012DF8000C
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<...o...o...o..Wo...o...n...o...n...o...n...o...n...oE..o...oj..n...o...n...o...o...o...n...o...n...o...n...oRich...o................PE..L......Z.........."!.....V...P.......*.......p............................... "......j"...@..........................1......L......... ...............!...... .........T...................T...........@............p...............................text....T.......V.................. ..`.rdata.......p.......Z..............@..@.data...T....@......................@....gfids..L...........................@..@.tls.......... .....................@....rsrc......... .....................@..@.reloc....... .....................@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorView.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):5252624
                                                                                                                                                                                                                    Entropy (8bit):6.308977070093551
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:laeM3m+mE7IIzUO62+NpKgzJZocJyhXzbHpV8M1B/T1pvnayKUyq:geMy7NxJZoccvjT1pPa
                                                                                                                                                                                                                    MD5:B1DCD9956F2901D068D0DD514EA30A49
                                                                                                                                                                                                                    SHA1:64602D9F457B9FB0B1420E03AED3536C83962B9E
                                                                                                                                                                                                                    SHA-256:51F8EA93B34C1EBF84E527C897B8688C5F2EAECCF3F3613C378D0E923B6A6454
                                                                                                                                                                                                                    SHA-512:38C956CDBDF5E9ACF2FD1EF5F38893AB775B8DDE7471E726CFC4857DDCF0A5D615EE041C2112A8E01CFA04387E6C7837336C2D43ADA42B37708EAEE6CF63A7C5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2R.RS<.RS<.RS<.[+..TS<.i.?.ZS<.i.8.YS<.i.=.VS<.i.9.ES<.....VS<...=.VS<...=.}S<.RS=.*X<...9.+S<...<.SS<...>.SS<.RichRS<.........PE..L......Z.........."!......7..^.......&2.......7...............................P.....9mP...@.........................p.C.(....jE.......K...............P.......K.h....Y;.T....................Z;.....8Z;.@.............7.`............................text.....7.......7................. ..`.rdata...&....7..(....7.............@..@.data....p....G..Z....G.............@....tls.........pK.......K.............@....gfids..D.....K......0K.............@..@.rsrc.........K......2K.............@..@.reloc..h.....K......4K.............@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\ExivMetadata.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2180624
                                                                                                                                                                                                                    Entropy (8bit):6.6191909501279484
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:L0LPEMIn/1F06Lh0m44MFRIR1dmr+TLkzK:L0LPEMp62T4MFRgN
                                                                                                                                                                                                                    MD5:4743883D312D982E18E8CA7CA956767E
                                                                                                                                                                                                                    SHA1:C6773D339B6F7EFF4895AC9025954CFDFBF60DCE
                                                                                                                                                                                                                    SHA-256:29D3B56626598E2797DA0294514C2624F42BAF632D497D62A977EA25EC6BFF2D
                                                                                                                                                                                                                    SHA-512:FAD40A1310AE1D4801E57D18124701B07576F013582B2D521F1F19F20E9F54A267574E7C02C6B4326D58D9AE2077BA0723D9F58B810E7A35F563D3276CCBEFFC
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......(.4l..gl..gl..ge.Cgx..g.&.go..gW..fk..gW..fg..gW..fh..gW..fv..g.y.gd..g...fa..g...fj..g...fg..gl..g..g...f(..g...fm..g...fm..gRichl..g........................PE..L......Z.........."!.....N..................`...............................P".....].!...@.........................P................p ..............*!....... .........T...................T...........@............`..|............................text....L.......N.................. ..`.rdata.. ....`.......R..............@..@.data...,S.......x..................@....gfids..H....P ......T..............@..@.tls.........` ......V..............@....rsrc........p ......X..............@..@.reloc........ ......Z..............@..B........................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\FilmMaker.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1965072
                                                                                                                                                                                                                    Entropy (8bit):6.263555564389405
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24576:zQ/pdvRxrLvU2sP1ct2Xr2UKQH2OmZOP/:U/pIywXqPQH2OmZOH
                                                                                                                                                                                                                    MD5:5518BCD4F6DC8AF3F6EC1D9D86D551D8
                                                                                                                                                                                                                    SHA1:9C2237EA60D90E30F3FAC522ACD3D445CA0D929E
                                                                                                                                                                                                                    SHA-256:30B457DFEDD6CA17DFF3A61647AF1F1FD16683F21BA1C018E8D664C2EAEEC6F7
                                                                                                                                                                                                                    SHA-512:6BD63F575519D2D0032C150B53BE0C5CB5D4E1BEDA0E0A714DB655B8A2E1DCF8AB73748B8906D7EC3DC5EE87540DADE94860320780FED7C7BD71DC8662D7053D
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........z............cJ.....E.....E.....E.....E....b......MB....(E..........(E....(E....(E....Rich...........................PE..L......Z.........."!.....f...v...............................................@......C6....@.........................PL..8....P.......P.......................`......@...T...............................@............................................text....d.......f.................. ..`.rdata...!......."...j..............@..@.data....|.......t..................@....tls.........0......................@....gfids..D....@......................@..@.rsrc........P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Filters.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1712648
                                                                                                                                                                                                                    Entropy (8bit):6.357540392611961
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:EfnUmqH+D8tt4kAsb7R/q8zLIMXhoN1oz4Ag2tSSJbRlbR54g2Rfn8FlK9FT:Efjbsb7qMRr320o
                                                                                                                                                                                                                    MD5:F095CC70D7A27CFC5CBD940C579ECDF3
                                                                                                                                                                                                                    SHA1:54345A5478C988A3E7078D8F5EA1FC5F0F98AC5B
                                                                                                                                                                                                                    SHA-256:F26957743379662E55CA1BC35D3A3D0CF5E6B4ADB1DB199B08F17578C50A9B18
                                                                                                                                                                                                                    SHA-512:283286251DB092ED807FBCC26FB4E1F61103755A1FE7AC8A84AF281B63D57B73B52CCA1B5FD8071215E12E88619202347F37B754EA0D31CD17EAB20F039D0E65
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......X..1.b.b.b.b.b.b..}b.b.b'<.c.b.b'<.c.b.b'<.c.b.b'<.c.b.b..%b.b.b.;.c.b.b.<.c.b.b.b.b.`.b.<.c_b.b.<.c.b.b.<.c.b.bRich.b.b................PE..L......Z.........."!................ ........ ......................................1.....@.........................._..P....j..................................0e..P5..T....................6.......5..@............ ..d............................text............................... ..`.rdata....... ......................@..@.data........0......................@....gfids..L...........................@..@.tls................................@..._RDATA..............................@..@.rsrc...............................@..@.reloc..0e.......f..................@..B........................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\GeneralPlugin.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):3507216
                                                                                                                                                                                                                    Entropy (8bit):7.958800747735346
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:98304:DTY1x84UWqJyeE/+s1lwjU/GBKlK4XXMOmsH/xE:DTQM3g1lwI/PJnMYH/K
                                                                                                                                                                                                                    MD5:E8BCF641E5BF465D16A319277775F78F
                                                                                                                                                                                                                    SHA1:F44022191D8DC6B3793FCAADA9088EC83469DF7E
                                                                                                                                                                                                                    SHA-256:914E5D426A4D0FF8E6EBBA027BCF55374FF8EC981621085FF40A42A21DFBBBE8
                                                                                                                                                                                                                    SHA-512:65C3385BFB7D1F3770115589671AEAE0FAA2D2FBE4E15C3741629BA944A52AE8B2CDE2621FAB8C3B9D6B044BB6DF5843210792448F145EBCEFF78F4712D19D90
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............~U..~U..~UDm.U..~UDm.Ut.~UDm.U..~U..{T..~U-..U..~U.}T..~U.{T..~U.zT..~U.l.U..~U...U..~Ug.{T..~Ug.~T..~Ug.|T..~URich..~U........................PE..L......Z.........."!.........b.......................................................'6...@............................|...m........................h5....................................P...................................................... . .........V..................@....rsrc................f..............@....idata .............h..............@... ..L..........j..............@...ogxfutkn..1...W...0..l..............@...uczfqxzy.............f5.............@...........................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Core.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):4648968
                                                                                                                                                                                                                    Entropy (8bit):6.845273620705971
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:Yg7R0PnB5Y8Vh8+gARa61cjr94fJsv6tWKFdu9CkTQ7aCT0AaasQLlRtgqEkLx06:D7RIB5JgkrqP9UJsv6tWKFdu9C2DuiQR
                                                                                                                                                                                                                    MD5:D4FC5E41BE328A98C005A666272CE6E2
                                                                                                                                                                                                                    SHA1:D6017248D936EE5488A043A00222AB74D14D338E
                                                                                                                                                                                                                    SHA-256:0E0EFB868798F375A1927AA27D8A7294ABEB29179B40A55F0DA7C4779CC54F1A
                                                                                                                                                                                                                    SHA-512:58DEA76C3DBC16E2058F18D3BD65F57EC47B4487A8165F3E7CC250BD4081CCCFF7F71C4A05F6BB625D5789476BB9B8EE77E0EC8D0ACEF03DF8390ECD8A61D0F3
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......64..rU.CrU.CrU.C{-tC`U.C.. CwU.CI..B|U.CI..ByU.CI..BvU.CI..BkU.CP5.BqU.CP5.B}U.CrU.CST.C...BTU.C...BtT.C...BsU.C...CsU.CrUpCsU.C...BsU.CRichrU.C................PE..L....!.Y...........!......#..z#.....i.!.......#....g.........................PG.......G...@...........................?.p...`.E.|.....E...............F.......E..W..0.<.......................<.....P.<.@.............#..............................text...Q.#.......#................. ..`.rdata....!...#...!...#.............@..@.data....z...@E..L...&E.............@....tls..........E......rE.............@....gfids..0.....E......tE.............@..@.rsrc.........E......vE.............@..@.reloc...W....E..X...|E.............@..B........................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Gui.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):5023760
                                                                                                                                                                                                                    Entropy (8bit):6.801933494978092
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:N5znUGL/Y0CgtbZPpBEHivkKrfB5sIjat0vKf/8Mkj1IGbdWckJ+4Ncxy7Lp97ga:zjv9pvLrxvSA1IGWNzj1Cwp
                                                                                                                                                                                                                    MD5:725E29E775B2B2DC947478FE01C8BF6E
                                                                                                                                                                                                                    SHA1:EF9B7B50DE16DFDAFB0C681A22B13D38B76C03AB
                                                                                                                                                                                                                    SHA-256:41F80696EC0BA0DB54EBFAC3CDD21A3A727CEE85085EC1712D6A7CFB0DD456A5
                                                                                                                                                                                                                    SHA-512:666D88FD6548986B9544E9EA6F5E9776EFCBA63733F03F898D74719E86B971D8A0A96EE92DE42D3096B35396805DEE2E3E1CB64E964F1EAC3A9D6C038859743C
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............s...s...s......s.G[....s..p...s..w...s..r...s..v...s.N.r...s...r...s...r..s.N.w...s.N.v...s.N.s...s.K.....s.......s.N.q...s.Rich..s.........PE..L....".Y...........!......,..& ......,.......,.............................. M.....^.L...@..........................(1..`..|.H.@.....J...............L.......K......0.....................L.0......0.@.............,..............................text...z.,.......,................. ..`.rdata........,.......,.............@..@.data...T@...pI......VI.............@....gfids..L.....J......dJ.............@..@.tls..........J......fJ.............@..._RDATA..0.....J......hJ.............@..@.rsrc.........J......jJ.............@..@.reloc........K......pJ.............@..B........................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Qml.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2518024
                                                                                                                                                                                                                    Entropy (8bit):6.544214046535609
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:B8gyHfJgsHzR2/BkbTjgne/7MCzLIrXwXtAMrB5u:B85HzRtbfwiDXtAMrBQ
                                                                                                                                                                                                                    MD5:BD87B4CFEB393EB75BA3820492CD38B0
                                                                                                                                                                                                                    SHA1:FE92B919FF4F6779315969CF793ECD12768D9610
                                                                                                                                                                                                                    SHA-256:C7297DBB3B96460C39132D943AB012BA018E2447C61CACE034085A339AC54354
                                                                                                                                                                                                                    SHA-512:BDF209EAC6ABCB71A026ACC3D2FBD144CED0142EF0DEA4280A145EF85925EF1C4B4261533CB125885996BD4FE7330D4C7569B701C71BC39A2217D864E948FA1D
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............q...q...q.....q...r...q...t...q...u...q...p...q.-.p...q...p...q...p...q.-.t.g.q.-.q...q.(.....q.....q.-.s...q.Rich..q.................PE..L....'.Y...........!.........T......}........ .....f..........................&......a'...@......................... ....d...p#.......%..............P&...... %.....`..................................@............ ..0............................text............................... ..`.rdata...3... ...4..................@..@.data........`$..r...H$.............@....gfids..L.....$.......$.............@..@.tls..........%.......$.............@....rsrc.........%.......$.............@..@.reloc....... %.......$.............@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Quick.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2584592
                                                                                                                                                                                                                    Entropy (8bit):6.673967359191832
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24576:+72NPUIttYsZE4VbGxzTfT8c/YQ/UEgDma7fCaG6DbWAFjuJqFYm5scuw1KIwXga:IvsNWei+YCoHYp7tlMvbjZbfFNAabzX
                                                                                                                                                                                                                    MD5:DD1911EDF6E525414043017CC95BBD66
                                                                                                                                                                                                                    SHA1:5159FBF1868F772BF025F2D8B4008C0284D06794
                                                                                                                                                                                                                    SHA-256:34A827CF0BBF6FC01F80A16AE2A2462AFA869FC5941C4848F3EF0C80CE3394ED
                                                                                                                                                                                                                    SHA-512:985CC620D4BB1D6F612E587DB234E954E8D82F706D954B0DFA72CB6B5A57C23A784F074D4D758A97BDD0F86DB22ACA19DB635FF4DD8F9F4813EC020CAB74500A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........t....v..v..v.m...v.Ku..v.Kr..v.Kw..v.Ks..v.&Kw..v.uw..v..w...v.&Ks.I.v.&Kv..v.#K...v.....v.&Kt..v.Rich..v.........PE..L...g(.Y...........!.........J......c........0................................'.......'...@.........................`.........".,....p%..............T'.......%.h7......................................@............0...)...........................text............................... ..`.rdata..`....0......................@..@.data...|.....$..v....$.............@....gfids..L....P%.......%.............@..@.tls.........`%.......%.............@....rsrc........p%.......%.............@..@.reloc..h7....%..8....%.............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Widgets.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):4441096
                                                                                                                                                                                                                    Entropy (8bit):6.863374475131253
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:/PQn9PEAVrrHG8E7fb/wIKzjSc122lu2kYBOruWeYNOu+Sr+2xTTW+k:wpEpz7jCjrTuveMnrr+25TWP
                                                                                                                                                                                                                    MD5:9CD7925D5F4117E033370C21CB9587AF
                                                                                                                                                                                                                    SHA1:401A2D6790B4199D0E9969EF91AD1FE7CABEDA09
                                                                                                                                                                                                                    SHA-256:B482699FB43BE37BF1840D7A263671F29A2E394B169D0553320030EBD686A8C8
                                                                                                                                                                                                                    SHA-512:D6EFD1AC6274B53FBD02A959214E35648A17332CD0C6B415D333260AEAD1778C04C1F99EBFA6111197333C7EDCE20033C0D40C0C0E8409DBED5B055EE21BE810
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'...F.A.F.A.F.A.>-A.F.A...@.F.A...@.F.A...@.F.A...@.F.A8..@.F.A.&.@.F.A.F.AyJ.A8..@.F.A8..@.F.A=.AA.F.A.F)A.F.A8..@.F.ARich.F.A................PE..L...M#.Y...........!......*...........*.......*....e..........................D.....X"D...@.........................@.5.D....z=.......@...............C.......@..g....4.......................4.......4.@.............*..2...........................text.....*.......*................. ..`.rdata........*.......*.............@..@.data....p....?..h....?.............@....gfids..L....p@......6@.............@..@.tls..........@......8@.............@....rsrc.........@......:@.............@..@.reloc...g....@..h...@@.............@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5XmlPatterns.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2253328
                                                                                                                                                                                                                    Entropy (8bit):6.603086704899176
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24576:ca5PCwBljqnVwHmuEXPTV/KD69ZEF/lBHasxA7v0wVywTSnJKWTK:cahwVxXBKu9KasQv0KywTSnJKWTK
                                                                                                                                                                                                                    MD5:CC6D3FE1F5A7B24EBA2A2F088FC8D9CB
                                                                                                                                                                                                                    SHA1:68C9AD27B1DCC372EFBEB749CE7EAD35EEFE8619
                                                                                                                                                                                                                    SHA-256:74B0DF17B0F3474518897B35C276692C99614CE9A8AD0DCC2D5AF051F3FB2ED8
                                                                                                                                                                                                                    SHA-512:604D08E68B8D5EA3461301BF63D6EB88C7227C67346AB64253EEDB43B2B052BF83E5EBE4D7DAC1B29D2FE8BCBC01EB3BD1CCDEDBB923CD63387F647253934386
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,T+_M:x_M:x_M:xV5.xWM:x}-;y]M:xd.9yXM:xd.>yTM:xd.;y[M:xd.?yGM:x..;yZM:x_M;xGO:x..?y.L:x..:y^M:x...x^M:x_M.x^M:x..8y^M:xRich_M:x........................PE..L....%.Y...........!...............................a..........................".......#...@.........................P....@........... ..............F"......0 ..b..P...............................p...@...............T............................text............................... ..`.rdata...K.......L..................@..@.data........0......................@....gfids..L..... .....................@..@.tls.......... .....................@....rsrc........ .....................@..@.reloc...b...0 ..d..................@..B................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\SlideshowMaker.exe

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):860680
                                                                                                                                                                                                                    Entropy (8bit):6.3917500089558414
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:a341ikxHgEcvF0swEKjY9BAYhllllllllldokJA/Oz4Pq+OI0+5B1w+4v9ThM4mD:64gjhllllllllldoD/OUPq+r4vhhzqhP
                                                                                                                                                                                                                    MD5:B9563BC9A137423D873F79DF83E26812
                                                                                                                                                                                                                    SHA1:D92DB683E283A5A83873C7AABD84EED018DA9C9F
                                                                                                                                                                                                                    SHA-256:E782F3DB9090ACB6DA0DDC71BBC33C9AE08059287C14F678C165071FA6C5A7A8
                                                                                                                                                                                                                    SHA-512:CD6F24B601F1D55A71FADF59419FA09D6C2340549823EC7A74E99CEF86F62422A0498C6CED24FBC9920EBAC72A766FFA6CA5FF91B608894425C61C0302F53C7C
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......eI9.!(W.!(W.!(W.(P.-(W..vT.#(W..vS.,(W..vV.%(W..vR.<(W....%(W..qV.'(W..vV..(W.!(V..*W..vR.3(W..v.. (W..vU. (W.Rich!(W.................PE..L...M..Z.........."......t.......................@..........................P............@.................................L6..H....p...G..............................T...........................(...@............................................text...!s.......t.................. ..`.rdata..6k.......l...x..............@..@.data...`N.......F..................@....gfids..T....P.......*..............@..@.tls.........`.......,..............@....rsrc....G...p...H..................@..@.reloc...............v..............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\VideoAnalyzer.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2137616
                                                                                                                                                                                                                    Entropy (8bit):6.699846603006673
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:z3O1czzceUDaGPjyM4gdv1/cETC5KTiEnZyv0TMYDehh:z3liDaG2Cv1EyTbBD
                                                                                                                                                                                                                    MD5:D06E5D5A829F23240712A8583209B50F
                                                                                                                                                                                                                    SHA1:3E472569F9DD5F66018EA04E27EDD308355BCC5C
                                                                                                                                                                                                                    SHA-256:662A8DE3AC302A917CB8EB6F5290DB361A3DC0F47DAE02E5F987B3B69C8C5764
                                                                                                                                                                                                                    SHA-512:D99C087FD76EE4BC8F95B649CD98DE49A0AA76ED083DD5E60F19521C13925A09827C0050793241CC34E2BC5B668173E920846DFEC40611306A8F287B686B8803
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................yN.......................L&B.........c.................................Rich...................PE..L......Z.........."!.................U........................................".....#.!...@......................... B.......S..|....P!............... ......`!......$..T...................4%.......$..@............................................text............................... ..`.rdata..............................@..@.data............T...z..............@....gfids..@..... .....................@..@.tls.......... .....................@..._RDATA........ .....................@..@.rsrc........P!......n..............@..@.reloc.......`!......p..............@..B........................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avcodec.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):20760184
                                                                                                                                                                                                                    Entropy (8bit):6.590900113670029
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:196608:MEFS0QsBS5IZyeqAjtq3Ofk99k9yaEqitVeuT/Tzw5gYIBd1qtbMEbXdGjxqY86J:fg0QQSbeqAjteTzwtbgxqY86pus8D3
                                                                                                                                                                                                                    MD5:7F6DD6ED7B04B5DC2617F09EA66A83E0
                                                                                                                                                                                                                    SHA1:F71FDF022BFBEB503DA2D4BB0475073019CF9CD2
                                                                                                                                                                                                                    SHA-256:66D92E901B9129E8773E5E5773363BCF9CF0F022D3C669255EA3E0EE21AC8434
                                                                                                                                                                                                                    SHA-512:FEEED393CBCA0D3EC773B1DF9CB8D96ADE2302EC241DEFFE4FECDFAD4FD2B2A4F217A33B9ECD1D5676298BCA20E8021C61C727DDA2B966617E70963AEDE6A20D
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...!e&Z..$........!..........#..j........... .....f................................}.<....... ......................p...........-..................h.<............................................................................................text...............................`.P`.data....X... ...Z..................@.`..rdata..0.D.......D..p..............@..@.rodata......P.......:..............@.`@/4........... ......................@.0@.bss.....h.... .......................p..edata.......p......................@.0@.idata...-..........................@.0..CRT....,............. .............@.0..tls.... ........... .............@.0..reloc.............." .............@.0B/14.....X.............#.............@.@B/29......e.......f....#.............@..B/41..........0.......P$.............@..B/55..........@.......X$.............@..B/67.....8....P.......b$.

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avfilter.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):3183656
                                                                                                                                                                                                                    Entropy (8bit):6.267272093053561
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:gLv7EmQRG8Jx+zpFlyhCzyFj1f68pN9dH/xYTt0ShiwWozSOesWzsEe:IgGeapFlyhTfDpNb/xY2S8
                                                                                                                                                                                                                    MD5:BE65CED2E0C455858FAE39C188A9C0F1
                                                                                                                                                                                                                    SHA1:609574D8BBFEF83F8EA150E4F1293FB52071E3A7
                                                                                                                                                                                                                    SHA-256:EE14ECC080C09588ABC1D295C7CBEA00F9928A1B63C008A333A5D9768D1EB5EC
                                                                                                                                                                                                                    SHA-512:3ACDBF9F28C9FE7BDC7F10207188B39519399F2A12E093BDAA435E6D6ADF8933C15490755724D00C7606569964690EE51567EB425E6AC877DBB0FB8815C0F973
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#e&Z..*.?<.....!.....@....*..R...........P.....k..........................+......t1....... .......................*.......*..1...................x0......p*.L............................`*.....................$.*.H............................text....>.......@..................`.P`.data...HL...P...N...D..............@.`..rdata..............................@.p@.rodata.......&......l&.............@.`@/4............&......r&.............@.0@.bss....@P....).......................p..edata........*......x).............@.0@.idata...1....*..2....).............@.0..CRT....,....P*.......).............@.0..tls.... ....`*.......).............@.0..reloc..L....p*.......).............@.0B/14.....8....P+.......*.............@.@B/29.....Q....`+.. ....*.............@..B/41...../.....+.......*.............@..B/55.....$.....+.......*.............@..B/67.....8.....+.......*.

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avformat.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2883232
                                                                                                                                                                                                                    Entropy (8bit):6.159675780589993
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:OgjoqNjPHD7X6jweWtnJD3lZmMylthjS1ZNCNKHZlk8BOD1tACYvRqK3+J7jaqiL:OgjoqNjHD7XkweWz5ZmjhjS1ZNCA59BZ
                                                                                                                                                                                                                    MD5:A71E8C4061D5EDFF563D9CCE2F329234
                                                                                                                                                                                                                    SHA1:883190E9C5FB7E3D416790DB5F7F8063C4D85CA4
                                                                                                                                                                                                                    SHA-256:F68F00498355789D844183D9F775563E6A973539AB0639D96C0B2DF726195542
                                                                                                                                                                                                                    SHA-512:E3DA1EA8C17A3AFA455368051152B71ECA1D3B611B20940D4623F238E01B95D9B17E4C2F5642D5AA31C5CCE8AB6380ACD2A84D1C80A847A75126CD8A6545C6E2
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."e&Z.$&..=.....!..........%....................e..........................&.....[.,....... ...................... %......@%..=....................+.......%.@.............................%.....................|H%..............................text...............................`.P`.data...............................@.`..rdata..............................@.p@/4......D....@".......".............@.0@.bss....@.....%.......................p..edata....... %.......$.............@.0@.idata...=...@%..>....%.............@.0..CRT....,.....%......B%.............@.0..tls.... .....%......D%.............@.0..reloc..@.....%......F%.............@.0B/14.....8....`&.......%.............@.@B/29.....Q....p&.. ....%.............@..B/41...../.....&.......&.............@..B/55.....$.....&.......&.............@..B/67.....8.....&......"&.............@.0B........................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qgif.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):33288
                                                                                                                                                                                                                    Entropy (8bit):6.385647278453995
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:a6nLJiRxTr8RkWeDjIvkdRLFA1c5OW89CXgUP3whP:PFiDTr8kWMjMkzFAS5OW8AQUPghP
                                                                                                                                                                                                                    MD5:700C24540D7B4716F9824F720B44E8B0
                                                                                                                                                                                                                    SHA1:2526441D011650838B98320E47303AB0F09584D3
                                                                                                                                                                                                                    SHA-256:F53F37687D8DB9E2651051BD0FE1A5BEB6A9081F2804332ACFBF4413F0B5FB89
                                                                                                                                                                                                                    SHA-512:04961A9312911761D0D568C4710D7C21693F626C615ABADF8FBED03733BDA29D1362673377CC5867371FA4757399A20135867B28FAC3749F57A382521617A7FF
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.._..j...j...j.......j.0.k...j.).k...j.0.i...j.0.o...j.0.n...j...k...j...k.g.j...o...j...j...j......j...h...j.Rich..j.................PE..L....#.Y...........!.....4...2.......<.......P............................................@.........................p[..t....[..........8............f..........D....T.......................T......0T..@............P...............................text....3.......4.................. ..`.rdata..V....P.......8..............@..@.data........p.......T..............@....qtmetad ............V..............@..P.gfids..L............X..............@..@.tls.................Z..............@....rsrc...8............\..............@..@.reloc..D............`..............@..B........................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qjpeg.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):252936
                                                                                                                                                                                                                    Entropy (8bit):6.542210702922311
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6144:qPHZYqszHEHn3CuKS6b/J9yXp1xp7S4pak+/Gk9hNuE5EIozxzb:AHZYM3CuKtJ9yXp1xp7Zhw1a
                                                                                                                                                                                                                    MD5:F79A074B7752E6FA6E88CCFA832A882B
                                                                                                                                                                                                                    SHA1:7BA940D208DCC186CB6FD99BFCB31066D45C2D19
                                                                                                                                                                                                                    SHA-256:3914B7FADF81608BBA087718CB0D469401B7D785D45197ACCFA04EC6ACCE7CAA
                                                                                                                                                                                                                    SHA-512:A35739D10177A9D8973EF4695A372975CFCC49FEB7A88520285C3A2B5D86367FC9876A124CD30C96E001814ADAD1DC52D0041752943A8C608DBFCE819C4AA055
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}..}9...9...9...0.y.3....../;....../;....../;....../-....../2....../<...9........../......./:....../8.......8....../8...Rich9...................PE..L....#.Y...........!.....P...p.......Y.......`............................... ............@.........................@...t...............8...................................................\...........@............`...............................text....N.......P.................. ..`.rdata...Q...`...R...T..............@..@.data...............................@....qtmetad@...........................@..P.gfids..L...........................@..@.tls................................@....rsrc...8...........................@..@.reloc..............................@..B................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qtiff.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):323592
                                                                                                                                                                                                                    Entropy (8bit):5.702638469860292
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6144:4nBMm4FK7JwUDIDGIK482edm2s3JDBfbwX/VDkuZUk2WY:4ug6UDv482L9bwE
                                                                                                                                                                                                                    MD5:C6CAB5607E8CB6AB1E7CBFB4EAB50E9F
                                                                                                                                                                                                                    SHA1:0A731734FC6663B6B9D04DD1F39669CBEFC051C4
                                                                                                                                                                                                                    SHA-256:DA89016C70DC1EF3C3409F3AD0024779066018C4EAFE4D5035C855F740D1B852
                                                                                                                                                                                                                    SHA-512:8C542B3306D3A72345D5E35120DF019E5B2005ECD2372561C6BB14864AA0E448BCFE2531CEF5457D0012ABA5CAFD2F01F22E3D199B431F5579C6B26D5A76C7B4
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................._...........................................)......................3..........Rich...........PE..L....$.Y...........!.........P...............................................0.......h....@.............................t...............8............................~......................,........~..@...............T............................text.............................. ..`.rdata..............................@..@.data....*.......&..................@....qtmetad@...........................@..P.tls................................@....gfids..L...........................@..@.rsrc...8...........................@..@.reloc..............................@..B........................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\libass.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2493672
                                                                                                                                                                                                                    Entropy (8bit):6.799803147772597
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:ONLlISsD2+kwQBAUZLYbBcpGaXBuQQ9OQPOCbr:ONTK+LBAUZLFm1r
                                                                                                                                                                                                                    MD5:4413266366BCF0C5D0E53DFF65F8B7B7
                                                                                                                                                                                                                    SHA1:99419709EE048C1FFC18987B9422A168F04286CE
                                                                                                                                                                                                                    SHA-256:8CCDDF597C51E4065BD0EAE584DE079E823CBF58119C7B8CED1F3492443BF308
                                                                                                                                                                                                                    SHA-512:34B4DDF725A423E5CBFA382AD9A4A2C0344AE4C6A9D23FAC4EB2074CA02EE2435E2205DE8BFD948C6C27E947F694AAE06D50381A790CB6D6783EB989024A0709
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....e&Z.."........!.........."..............0.....c..........................#.......'....... .......................".4.....".......................%......."...............................".....................h."..............................text...............................`.P`.data...<C...0...D..................@.`..rdata...............\..............@.p@/4............ ......b .............@.0@.bss.........`".......................p..edata..4....."......0".............@.0@.idata........"......6".............@.0..CRT....,....."......D".............@.0..tls.... ....."......F".............@.0..reloc........"......H".............@.0B/14.....8....P#.......".............@.@B/29.....Q....`#.. ....".............@..B/41...../.....#.......".............@..B/55.....$.....#.......".............@..B/67.....8.....#.......".............@.0B........................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\libeay32.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1274888
                                                                                                                                                                                                                    Entropy (8bit):6.812537778860811
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24576:/P9+KpPEuO9o6F6W/QqR+fOUGR+YNe/dDM0cOWf3AXtPrqtXUsgRXc:dJ6F6W/7ZNeK0OfAXtPrqJUsgRXc
                                                                                                                                                                                                                    MD5:9F615AA4E59717623D79B876BABC34E4
                                                                                                                                                                                                                    SHA1:A6B7F966B6EA17C93913FDAB359F7631F5F58E59
                                                                                                                                                                                                                    SHA-256:AE0C1653BAFF4B0F634FD66242AFC26A4B501FF7D0EEB5CB8A042BED99F63C37
                                                                                                                                                                                                                    SHA-512:260F52BF7CFF3E1D47300113F68D716FB947AF6B8C6AE38B8A07A39A11E461A71CB8DFC3A3E90F8C19D3BAC8CCF31E9F4FF045167020A5D65529E91828A276D3
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~............gp.....A.....A.....A.....A......(.......Z........\A....\A....YA.....\A....Rich...................PE..L......W...........!.........h...............0...........................................@.............................t...._..h.......H............X....... .........T...........................(...@............0..x............................text............................... ..`.rdata...<...0...>..................@..@.data........p...`...T..............@....gfids..............................@..@.rsrc...H...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\platforms\qwindows.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1017872
                                                                                                                                                                                                                    Entropy (8bit):6.658087890642478
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24576:w13c9SU6mjvEiZfF3LCfUTHCvsIHZHIi:lYU62nZfFu/9Ki
                                                                                                                                                                                                                    MD5:475CFECED8FDCDFEBACB156D5AAF5A5D
                                                                                                                                                                                                                    SHA1:1C4003862DB36C4D469DB9BCAA8FF47152EE1BE6
                                                                                                                                                                                                                    SHA-256:6AEB7AAC7B91E5976A68FA683EACE4E1A61D5DF82DE91DD9B787DF8AE8092A25
                                                                                                                                                                                                                    SHA-512:F26037AE18DADB6B2CEC7EB8ECBD05C8509FA5A427567B5629F7A891EEBB4D5DA72DF1D3FB7B75F0EF5E90A2995050728F4ABE6A441B64F0A87A54AD048B0E14
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........C..O".O".O".FZ..A".t|.M".t|.G".t|.W".t|.D"..|.K".mB.G".mB.\".O".'..|.U"..|.a"..|.N"..|..N"..|.N".RichO".........................PE..L....#.Y...........!.....:...R.......<.......P............................................@.........................p...x...........@..@............l.......P..............................l...........@............P...............................text...a9.......:.................. ..`.rdata..bp...P...r...>..............@..@.data...|=..........................@....qtmetad............................@..P.gfids..X.... ......................@..@.tls.........0......................@....rsrc...@....@......................@..@.reloc.......P......................@..B................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\resources\themes\Default\VideoEditor.rcc

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:Qt Binary Resource file
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):10470292
                                                                                                                                                                                                                    Entropy (8bit):7.513819796543405
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:98304:+zsO0cTuI0bFOiypKut/4fv/c0IQ3uU0d1g0+C+Fo+WqfmsMXK8CrC/iA8IwoSFO:cfvOFxi/46Q3uZ7g0+CMWsms2K1ZIwnO
                                                                                                                                                                                                                    MD5:84AE3C64FCEC95C752552984B3F2F620
                                                                                                                                                                                                                    SHA1:5523A1BBD9F92B52D68B8DE7B5E62C59AE69D228
                                                                                                                                                                                                                    SHA-256:ACC994617D00C16DF30780C4FA6B9AAFBF2F5979D6A20AA5C3256FD5DDD893C8
                                                                                                                                                                                                                    SHA-512:8AE9CE6F8DB82C7C3265B099EE4BAFB4998492BE318E56C98DEC02D21371746F8424A65164AEB60E02CDFA3B4D2845A8327DE6D9E531CA7E925A228F306E622A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:qres...............>... .PNG........IHDR...'...'.......Q5....pHYs..........+.....MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.Ik

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):27736
                                                                                                                                                                                                                    Entropy (8bit):6.6061036473605865
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:9IORiXXRRa/x56f2uH53OFhXh+xHZjC0ricp:9IOcXXRWyHlJricp
                                                                                                                                                                                                                    MD5:46938D51A127BCF45160C5D857F5DB37
                                                                                                                                                                                                                    SHA1:6444E4A90E9C1B668811B25F95035B97D0C64600
                                                                                                                                                                                                                    SHA-256:AD4A4D6C9AEF0C437990867682939CA191E46921B0AC7FB088A7AE9CBB6FFD00
                                                                                                                                                                                                                    SHA-512:D3EF7BBABC347E2D43AA212C81B452BB561455DBEC352F2080D5B8514E8DAD5775E7B2B94E5414A008E26C60F77A37E894AFCAFD19785639C5BB1DCB37891A3C
                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........."......F..........z(.......`....@.................................E........................................R..(....p...............R..X.......H.......8...............................................t............................text...tE.......F.................. ..`.data...`....`......................@....rsrc........p.......J..............@..@.reloc...............N..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe.manifest

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                    Size (bytes):304
                                                                                                                                                                                                                    Entropy (8bit):4.8207031374507565
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:qRu9Td8HKWBRu9Tf0W0WiWkoi8RcRJg/XSHT:O3fvW0WiEgJQU
                                                                                                                                                                                                                    MD5:ACF6A3667E991196B0B45339D7EF8109
                                                                                                                                                                                                                    SHA1:86E5539E047235CC9BD959FE536B54DC92A7C4BE
                                                                                                                                                                                                                    SHA-256:53A447FFFFAE835C9E52EDDC678EC1963A5FD3D3C1FAB83904C04A1FC2EC8F9D
                                                                                                                                                                                                                    SHA-512:66047291752C3482729D168FA3DAB16853429ABFCAEFF6B694E0825B4B29619197C22B0528DB6138DFBECBDD9AE549160BB5BB927C6CB291FDD9D857346CE4F5
                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                    Preview:<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. ..<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_00400000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.643369950461906
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllT:idq2vVg3F+X324VYxzLtGYKAZTaYlMN
                                                                                                                                                                                                                    MD5:98FA505A36FA8E10C54576E73BCFD348
                                                                                                                                                                                                                    SHA1:B2B2858B06459190F712592FEFB59AEFEB9E3EA9
                                                                                                                                                                                                                    SHA-256:3C106B9A9255F3C687B5BC87FF3CD071FD3D97D1692EC2F6ADB99984BA1EF2BA
                                                                                                                                                                                                                    SHA-512:ED2B651AE47FA5F74AAF196D03B3C80602A3E229D44E9C2D0E40FBD7637CF446090B7933969DB5360C4ABAF057A141E057B6AC6FA942E2E6DCECDD33F870EF38
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................`J..`J..KJ...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_004e0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6421540202882374
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllI:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:68F3901011096DA7CEB8463BFBD583EC
                                                                                                                                                                                                                    SHA1:E97BB22147E9EAE470B7FE2F45C10385522C60B4
                                                                                                                                                                                                                    SHA-256:91ED7EEC8B79C13E3BE1F23F703E7DB9DB3A0C626399253B1AD8552488FD4037
                                                                                                                                                                                                                    SHA-512:7590555983557F702DF6C66713BB3AA9AE284DA83D70CC0D529612BAD0D55D25E129B1D25A17EF2DD9D578BD61A6D976338B508C47F2CCB4727683862B786783
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................pN..pN..bN...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_00610000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.642891215114569
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllW:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:D5BEB3C804A3251BD472F06F28C559B0
                                                                                                                                                                                                                    SHA1:C23C2CCBDA163E337725B653B1275CB115A91B92
                                                                                                                                                                                                                    SHA-256:A484092DEAF8B04366C9654A0D9AC911A617EC636C85C824B26FBB58E0DB754A
                                                                                                                                                                                                                    SHA-512:D6490A66E8DFD259053A4A54B2879CD63AA253921DACA3D1A0B644439838B619A90ED7FDC24821C2316C970D0497EAA98BADAFD3E8ED8404A81FD56F4B55DD5B
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................b...b.x.b...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_00650000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6402008952882374
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMLK:etGSGPxz/RZTaYlMG
                                                                                                                                                                                                                    MD5:359F259BAB802D38E00851DD43C99AB7
                                                                                                                                                                                                                    SHA1:9FE4F42A95355B351CDCDA1F2B5B197EDCC2BA46
                                                                                                                                                                                                                    SHA-256:B9B113F054BFAF289575F19AE0312EC68E98210F86947B18A84AF18D4D0A7E5C
                                                                                                                                                                                                                    SHA-512:9F7A0D68333BE926C0DDF047DEF31C980775053C59C9CE0BDD5BB87311971843F4854FD87B680D4DA47FF7876BCFE904B43BC715AF8CD09820167E3E554F3CFF
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................Po..Po..Io...........@.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_00710000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6413193005887516
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllW:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:2501DCE258A6678C4BB8C715507EC346
                                                                                                                                                                                                                    SHA1:A90D81D645C2867B43088AD47D2EC5F212C89AA1
                                                                                                                                                                                                                    SHA-256:9905B3A6983C0B1DC62CE9FA1B0242BA1C425A5C812901B6A47F520A033EBC8F
                                                                                                                                                                                                                    SHA-512:2EDBC60BF2BA19CA82C0AC8B88B56C322A80286F3832AC93B17CF1BAA7C138F23A5CD4FC91E8AEF8AABF6D770A7D0AC6C1856855D30E9EECFB1FD7A18E7D1A0D
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................t...t...t...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_00780000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.643369950461906
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMHUK/:etGSGPxz/RZTaYlMt
                                                                                                                                                                                                                    MD5:1B9AF3D6346FF6CD5924251518825727
                                                                                                                                                                                                                    SHA1:E67EF330AEC40E76162D6470F01817B274663B4C
                                                                                                                                                                                                                    SHA-256:DF23A45843F56822B3F7588F96D5B51204B8F564FBCF726060E91C9CA5B7F836
                                                                                                                                                                                                                    SHA-512:BBEB1CCB2C759A8ACCD8DDE934D8006B37421B395F557ED23BFE4764295CBC6EEF0B2CCB05BAD36868F4C9D5B6039587CA3D02E3A272568FE46FD9824D5E8E82
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................P{..P{.@>{...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_008f0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6397221599409004
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllw:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:9C66A052D21B727797FAE03B69A42F72
                                                                                                                                                                                                                    SHA1:D40726DDE6F00CAFF650584DFF68B5233C6741DE
                                                                                                                                                                                                                    SHA-256:C3ECBDDC2C089E229578BF941A4CEACE91A3C492C2CB2A49FA78877CADF9E4B5
                                                                                                                                                                                                                    SHA-512:5161ACB89FF3ECB4CF13855E518670077C97F2F4283272D68B859A91A2D651A161E03B994D18CDE06016FBD069777F917D4EA615540B315CB3DB28358E6ED547
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_00b40000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6288761564611416
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllG:idq2vVg3F+X324VYxzLtGYKAZTaYlMg
                                                                                                                                                                                                                    MD5:36EC7F7BE9BDA781A1E3444A19B868A0
                                                                                                                                                                                                                    SHA1:8394C71B6904150EBF9A552A62D11AB5FEB251ED
                                                                                                                                                                                                                    SHA-256:242098FB1297C29E01B3CE384848F204DE343EA3738F84684BDD9B519249F794
                                                                                                                                                                                                                    SHA-512:61106AB44E68063ABFF8AD1A73FE88E4FA0D08A16854D991D3DBFD3CAFDB5466FD538D3211AF2D7A3D5891B2FD7CB4E13D934635EB24F9E3139C4B4620ADC66C
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................H............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_00bc0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6460602702882374
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMx8:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                    MD5:71EB91EE76E05D5F7B621715F58AC60A
                                                                                                                                                                                                                    SHA1:08D40C2D63C7350C35DA880E3E712F68335E4FFD
                                                                                                                                                                                                                    SHA-256:27C03274BA4B3AE40219668D9261B84B1BE91A4F605B1FE087FDE2050F49AA68
                                                                                                                                                                                                                    SHA-512:53D482E1600AA14BA58A9AEFD8340E6CED46F711B00AC4205B386DDD663F1BECFAE490656A77D121AF1644BC8CE64F1DA16161594C4CB53716ADF6AB7E513E93
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................p...p...k............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_00c30000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6315664762874733
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllk:idq2vVg3F+X324VYxzLtGYKAZTaYlMw
                                                                                                                                                                                                                    MD5:8D8046F51202992DEBE08D5014277F25
                                                                                                                                                                                                                    SHA1:2500A808C34B2FAEAD2B84875C434996E6162167
                                                                                                                                                                                                                    SHA-256:B0117B4B210380BBF2FD91EAA1E78CCDC5CDBDB4FC6ACBA8922B4AE0005C3B69
                                                                                                                                                                                                                    SHA-512:19FB7E910D45D3187546AAF18261010BA957C08D55084635333AFC4AF6E904D65989B883AB26B55EF9BEF25A0FC5D6331313BCB4D54579929530CE487053DA25
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_00db0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.644844340114569
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMlg/:etGSGPxz/RZTaYlMW
                                                                                                                                                                                                                    MD5:FF00B338D2A43E9F97C53E78012441EE
                                                                                                                                                                                                                    SHA1:F564AAEE128D14EC43E67E41AD77A848F73CD9B5
                                                                                                                                                                                                                    SHA-256:1C9E3C711246D399D991501F1DDAABA06C9DBE63B7BA3823A8BC3AEE73F8C125
                                                                                                                                                                                                                    SHA-512:4F10CAC657E102194EE6FCC750CA5D5CFF02A85A3A1957AD7A7F5D96A048703F26612D57049018376051DDD073C10AFD8C788079E46C6269303D958983655174
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................@...@...7............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_00e30000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.648750590114569
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMJ/:etGSGPxz/RZTaYlMJ
                                                                                                                                                                                                                    MD5:83F170D14442F1300AF2673D15B264E0
                                                                                                                                                                                                                    SHA1:4F20A2042507FA54B6CAE352A53AA290A6361DC3
                                                                                                                                                                                                                    SHA-256:6E28444E3E46C525F87EC620784A2A6FBC35D3695AA3040B374E9AA0C2D28CD9
                                                                                                                                                                                                                    SHA-512:129287CBA4C946E1C84AA7F377213F0609A68ECA9DA9286B2F32A504AA373E3C2F9B10E8BACB93A7D335B448F096DA60DFF09DE6D938D0660C50319130B219E1
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_00ff0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6654732814147342
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMO0/:etGSGPxz/RZTaYlMj
                                                                                                                                                                                                                    MD5:23F1A4ADC4D2FF09C10A2D05C29B5FD8
                                                                                                                                                                                                                    SHA1:18BFB9EA9AE607F4406F8EA1CC951034C7A7E735
                                                                                                                                                                                                                    SHA-256:090D12672AA42ECD625A7E72112BA9B9FA994A6A45677EBE011EC5BD871CCD8F
                                                                                                                                                                                                                    SHA-512:460107A8BB906B659EA836C8B45C900E2A81CC8211F8819B3985C3D75DA9AA4B39EE31915E08485CADBA76BCA34FE3685F068DDF9AD6C3BB0386F43917245EAE
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................@...@...5............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_01120000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6666892115884027
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMWj//:etGSGPxz/RZTaYlMa/
                                                                                                                                                                                                                    MD5:EB57671255A398A1488813E289C264A8
                                                                                                                                                                                                                    SHA1:42C481CB13D410E22172931F6680B3EDB2CD065B
                                                                                                                                                                                                                    SHA-256:7F1FC973EDBB4C3561DAF1D47A4002740CC47763F234EE7642692A12EE95ED0F
                                                                                                                                                                                                                    SHA-512:9FCCB8384E1D108AAF15DAA754F547AA9E5B3DA2CEFC0CD5E56AABCC78465B20E7B5A576020D0212A31AAEA63A15058448FDBF31EF1C4FD3AD48B0A0CC2D84EF
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................`...`...\............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_01150000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6654732814147342
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMgFE:etGSGPxz/RZTaYlMA
                                                                                                                                                                                                                    MD5:A19DA660C0ED49A7FF88097FF8CDEF00
                                                                                                                                                                                                                    SHA1:DDB0BF49FEEB4AEA1813C4E1D9B44977469510CA
                                                                                                                                                                                                                    SHA-256:04329D0C07B69DF42C4D41AAC3E127467173D4A7A96744C5AFE55DAF4D155EDF
                                                                                                                                                                                                                    SHA-512:0977CECD0AD7BDC9965D8F307408432757C12B74620B7D9EFEE960A0EAD379BEC8A3FCDF0F30C527420B2F02C9C9C1B337E573F663A751E87A93CDA7563EA3A8
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_01190000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6495150486782522
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllN:idq2vVg3F+X324VYxzLtGYKAZTaYlMC
                                                                                                                                                                                                                    MD5:64D389D3935DADED057086C373603647
                                                                                                                                                                                                                    SHA1:DE21E40DBD2D9918B48813F2A267FF8888692EF6
                                                                                                                                                                                                                    SHA-256:422072F7019F55166F5D027EEEF92812AC2DF893B5F8621E1BC3577551C02F29
                                                                                                                                                                                                                    SHA-512:9273392ECC98EB0C12BF6A67576E238686C25A1230188E3B1BEEC55D5485118940A9AB41C10CAA41C68C4A9C3F7E36310C324B8216560D342CEE9BC4E776ECDB
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_01210000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.664799496321089
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMef:etGSGPxz/RZTaYlMef
                                                                                                                                                                                                                    MD5:11413AB85887048212ECD8B61D43728D
                                                                                                                                                                                                                    SHA1:84F21B89B3FE99F9C7E522EB79069038344D8423
                                                                                                                                                                                                                    SHA-256:B948CCCF174F142C07512721C22486CDC106F6BCECF1652C52AC9AC6F0B0474B
                                                                                                                                                                                                                    SHA-512:44B54EC8A3C165EE64887D34F9631C01DC2C889C8FE19C3DD3431EE0BC18B2EE4305CF49D00E53CBF0E2DF2B70AC4A1C672C5E0EFBEF8F742BEEC48F2D5053FB
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................)...). .)...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_01360000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6674264064147342
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllB:idq2vVg3F+X324VYxzLtGYKAZTaYlMn
                                                                                                                                                                                                                    MD5:CCC10DE663EA33B3C61837B503B62876
                                                                                                                                                                                                                    SHA1:E2089E808C3EBFFF0AF861369A5A8FDB8A24DAFC
                                                                                                                                                                                                                    SHA-256:1D055F7E783A1C09907302F07E72EE958B74BBC8B353B17B973191C6C0D5490C
                                                                                                                                                                                                                    SHA-512:283ECA185E910B805689639D3873C146A3A11E86095475DE596A095440DBDD4D9D021420B891DC468FF435B4099B3B57765B8ED2F4AD529C0DA1E3B4EB055BFE
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................:...:.D.:...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_013d0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6693795314147342
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMoxlll:etGSGPxz/RZTaYlMojl
                                                                                                                                                                                                                    MD5:857D809484171E6DFDD4F9F88709A771
                                                                                                                                                                                                                    SHA1:630C62503EDC8D01D199CEA20D3A16F073E40A2D
                                                                                                                                                                                                                    SHA-256:2CBF1861C1D89109C467FF5DDA88D786741A1968AAFAA95C436378AAE5972ECA
                                                                                                                                                                                                                    SHA-512:FCC026CC4620FDBFD3BBEC50D17E47905D41FA070A7838D44171BECD66D1378A3AC144D75DB906AC2E5D17F897E863C2AF098ED8A1487756038C52FE9AD2DCC1
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................=...=.,.=...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_015a0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6666892115884027
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllv:idq2vVg3F+X324VYxzLtGYKAZTaYlM+
                                                                                                                                                                                                                    MD5:FD4E9493C4B043C88329036391DA2491
                                                                                                                                                                                                                    SHA1:717FF4E77E17DCF513C9A43D584AA274BAEB78E9
                                                                                                                                                                                                                    SHA-256:13F6DE9901CE78E5B3B641848B2EF445E76C7606BC798B2AECEE9CAC8364BD3C
                                                                                                                                                                                                                    SHA-512:014EF3111BA95B093ABF48B689CFA8E8A94CE00E2828F3B064CCE595EE0FA019D08B7FBC87EE3CB5C1F3A44B3500ADB5FA67C95371BDD4647E1CDD2C85C3AEFD
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................0[..0[..%[...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_01730000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6635201564147342
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/llls:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:D632925E38C254328A99AA6B3650D724
                                                                                                                                                                                                                    SHA1:0D525FDFF1155045C1AA3A5747A969414390CAE2
                                                                                                                                                                                                                    SHA-256:C1974D4E803149D2D06622D55ED781DD0F12460BBD2119A955C571364903FF12
                                                                                                                                                                                                                    SHA-512:1A91B02EF5D9F5937E65E7E9BD19DABD20786D34B7860C89612FFB9F5594747B7ECDCD20922CC663A4F1653B10C938F0857DEB95F5424452D50774101CC38A95
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................u...u..u...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_040c0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6642825773631
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMVQl:etGSGPxz/RZTaYlMV
                                                                                                                                                                                                                    MD5:7B388B577ECB48ADC810EAC886F2F5C5
                                                                                                                                                                                                                    SHA1:90544AD11BA4CB30AF8AAFA6611C5A26DBD80254
                                                                                                                                                                                                                    SHA-256:B6C63C0A840DD1EF7FDFC6CC0DE517E1C9C3771F6A20721833E8C5EA452B3FCA
                                                                                                                                                                                                                    SHA-512:238BE708359FA49B2E669F5091A17A30536DE947706C8DA721F8E390A1D10AEDFE5C3FA8133B6E2AAF12322ACB5197EB596401C10D07CDB7913AD4AF44CF861C
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................P...P...7............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_040e0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6690235470625856
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMs2:etGSGPxz/RZTaYlMZ
                                                                                                                                                                                                                    MD5:FC7603AE88F6711E18D6B46986D48239
                                                                                                                                                                                                                    SHA1:AFF5E336357F02260081D99828E1B584E4D6B217
                                                                                                                                                                                                                    SHA-256:84803FF6C3B1B912CEBBC387EF0AF396BF0F33C7EE62507775C3D7C0E017B2E3
                                                                                                                                                                                                                    SHA-512:7DEBABBDF62EE7C06C12AB3B9CC8BB8DBE80A07654D24E221B27ADF15D5ABCA881830B0A8C443690A7BD6EEC644C9294BB09DC0EC0A3A35525F8EC0E32634FB1
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................p...p...Z............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_04160000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6709766720625856
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllA:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:3F6674C05D9CB2BF798F84C29441B849
                                                                                                                                                                                                                    SHA1:464F630213AC0DAEB46C62BC8D32FAA6E588C4CE
                                                                                                                                                                                                                    SHA-256:68986E67BFC39ACB1163086531FF60C78F2DACA388145B6EAD44D08695B7F6DB
                                                                                                                                                                                                                    SHA-512:E0C9D36D9B2580CC65ACAC58809751CB697509F95EDCEFD5B7EB8391A806196692858C45D3F9A8AB154A7DF2E2701D0A6A006E661CEAB800F82E4713AE54484D
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................L.............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_041c0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6690235470625856
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lll0:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:ADB85CAA31F40FF549D8C5DC34AB03C4
                                                                                                                                                                                                                    SHA1:4914EB66594885F6DB023926692F2948052CB087
                                                                                                                                                                                                                    SHA-256:DFE28BE728B7A3D829809086079BDD4EAF2AC69AB109FF766C8A4418F95FEE8F
                                                                                                                                                                                                                    SHA-512:319254D44CB2C1E7A116A58C8E6699D34D0FCB47FF387C12BCB727A29F043900FD312ABF379127561A1723F6772B39FD77A77F4FE40B9C8D0BEBB2C4F5F2EFC6
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................p.............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_04220000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.667807616888917
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMNH:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                    MD5:AB28CCBF20305C6895806CE92B989F8C
                                                                                                                                                                                                                    SHA1:59BA1A3AD0F31C9F16298F9A0AA15EB4BA697DA6
                                                                                                                                                                                                                    SHA-256:EBDA22CBA33D085A588929F1A6DE8F3AA8BD454B600EA2D7B0C34A4CF27685F6
                                                                                                                                                                                                                    SHA-512:82F603F846743FD4EDF1235C062AF2329999D0328C06A6FF5A5433A4E5D627E04B5BAD180ECC1EC5DFEF7FD02CF72C249E6D597F7C2ABE3E9C1C473ACBF5413A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................%...%.T.%...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_04280000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.669760741888917
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMDx:etGSGPxz/RZTaYlMN
                                                                                                                                                                                                                    MD5:C9FF4F226A3620E354F19EFCE562B8F1
                                                                                                                                                                                                                    SHA1:CB12FCCF511D0A4E2058D491DE9DF01AAA41826A
                                                                                                                                                                                                                    SHA-256:D938A97B5AB974715D33930ABD8D18AEA51F8943363F6AA4F399C33711E078E6
                                                                                                                                                                                                                    SHA-512:43219004994155C0918C2D2D8B95CFAC18A50D2DB171CAD0080ABED2A5BB2341F6A22B402663FCA34DFFD2BD8BEF212821F348806A76D6D48C095600D2206A50
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................(...(.\.(...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_042d0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.653802509152435
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMN6t:etGSGPxz/RZTaYlMN6
                                                                                                                                                                                                                    MD5:1251D148C529F23B320BCAC7AB10EC70
                                                                                                                                                                                                                    SHA1:7DE70CBF744EDE57D33407ADBF867B04373ACE84
                                                                                                                                                                                                                    SHA-256:4E5773593B1FAAD46DCADE073223C1BE0CDEE52CDC36604E1CE0BB51AC335552
                                                                                                                                                                                                                    SHA-512:7380B637DF36C4EC115D818A145BC96C9A2312F02A7F60E74E0C4B08B19BAE5D05B3AB1B71212684336E34CA4ACBC43E4CB769F46F21781BD41452C2E06EDEE3
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................0...0.../...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_04350000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.671713866888917
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMfnal:etGSGPxz/RZTaYlMval
                                                                                                                                                                                                                    MD5:E31B8F7F7268E6B079876D2861376675
                                                                                                                                                                                                                    SHA1:BA211B0802416021B232451BD334A8D89CF13F2B
                                                                                                                                                                                                                    SHA-256:5E8B6F20408CCE6C3E029D7D75BFC02C51D55DB1477F26509398501CF9A36C2C
                                                                                                                                                                                                                    SHA-512:E4ECC847F774E2AAC9B8535A8D2B902A94C60A037347C50C1F7A2D6E545DE514AA55FA4D31EBA239701C7784B0FB1DBF7433F19258583075649CE707DB2F062C
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................?...?...?...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_044e0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6631498675824072
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/llly:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:CF2228C12DA270BBCF5DF7C103B136E6
                                                                                                                                                                                                                    SHA1:6DC25CE8955C699BC714BC753099F4C39AAAAEF6
                                                                                                                                                                                                                    SHA-256:FB98109260918FDB5410EC86782E14B5360E65332640AAC95AB276064F72A824
                                                                                                                                                                                                                    SHA-512:1CF9CF2B14AE3166AB328477978210EE424E26AB3E68FD48623CE6BB1C484151715808E60FEE88BCD424BDF4243B212900CD10DF079E2CFE146019DB0D420B00
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................ P.. P...P...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_04520000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.667807616888917
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllT:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:89A09AA313222CFD32320FAC1057CAB5
                                                                                                                                                                                                                    SHA1:3F36F37E6C73151EDCCFA4740FEDBE5C7DB40820
                                                                                                                                                                                                                    SHA-256:5E8655FA21210B2E4811720E19593239C5C450631815A5974C977BEE521584EB
                                                                                                                                                                                                                    SHA-512:434EA800844BBCD44773A2C0FC505DECEC48F5311ADE1DC60DB47AC24E1E84391087860BDE4EC8B3ECCB06636E9E1805E43EB906DE1FC06CCF0B26578084ECFD
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................T...T..T...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_04570000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6717138668889169
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMJ8Hw:etGSGPxz/RZTaYlMM
                                                                                                                                                                                                                    MD5:7DFB1A26563CFB073702E2A869AAA3E8
                                                                                                                                                                                                                    SHA1:DA191F8EE0756D03FAB56BC5BDEFDEFC5CAEF16F
                                                                                                                                                                                                                    SHA-256:6ED1CFBD7C683EF6EF1D157F05198B337B0BBA573BE1CD3C2FDDFF46DC21E275
                                                                                                                                                                                                                    SHA-512:CECCA765DF1273104D147B9C9D13400FE464742F2DB9FE09E5688D3216E774C5CDB6697224D81CB8080D379F4A0953499AFBEA12D76EC8E4BD312BFE457FA6A9
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................Y...Y.p.Y...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_045c0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6624269772362539
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM3H:etGSGPxz/RZTaYlMX
                                                                                                                                                                                                                    MD5:996010885FED32B837307048475F6F31
                                                                                                                                                                                                                    SHA1:1C34D0BF8A17C0465A53BDE3A9884C240348EC05
                                                                                                                                                                                                                    SHA-256:F33D179B548E24DFCFBACBA7199C3471C1AC9E961CF3518F6354AFEAA8BABA45
                                                                                                                                                                                                                    SHA-512:DFA9A9429F2687CD6636A84BA9588EF3A9336F0EF82CAA55C5CFD7FC1BC3E041097AF0D6DE2F06443149ECD9724C1AF3392F6ACA68AADA50A8184D7C7877DE64
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................Pg..Pg.X@g...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_04770000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.662905712583591
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllC:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:68B416A10B300CAE55209738B6C4E04E
                                                                                                                                                                                                                    SHA1:D8EEBC9CE8A44E8B462626C005AA694CAFC5271B
                                                                                                                                                                                                                    SHA-256:3194D11DC3749762112803D99478ABFC9737566B3E23B0246F782E3D9ED141B0
                                                                                                                                                                                                                    SHA-512:8662AFDA09DEB8184266318126996E91B0453DFA5B44F1A48AB74DCFCE927396B55E2BEFA4808979B5A37D3C72A3ABB77626BFAE742D68BC6D0321D484DB9B5F
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................|...|...|...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_050b0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6580180490300362
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMKg:etGSGPxz/RZTaYlMK
                                                                                                                                                                                                                    MD5:BF0D1BFB59FBF08C71EFC8BD84D3FBB0
                                                                                                                                                                                                                    SHA1:8BB8368917EF3B8AE3AEF7EE2B616393C52DBBD4
                                                                                                                                                                                                                    SHA-256:14B31CED4C9D331D80651B878F30D198282EE2D1EE4A901E4C6067F559A3DDED
                                                                                                                                                                                                                    SHA-512:4F8224DAE3805DA472A8F5CE38BBA61B4BE5B42B405E468FB329AD04142E45E29A1431B0E2FD5FA8A79379F22AAA09BDA96D11D6AAA040594643A2C406DEF1D9
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................`...`...#......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_050e0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6654493385558533
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllw:idq2vVg3F+X324VYxzLtGYKAZTaYlMh
                                                                                                                                                                                                                    MD5:B9A6B57A44214BA7DC5FD28D2264271A
                                                                                                                                                                                                                    SHA1:4559E6A87EF50C7B9F71B4ADE2AF10F861D62F3E
                                                                                                                                                                                                                    SHA-256:A1BD3852F626D875B5CDA4DBDCFB1152A0203CA75AAB95E63E19224FDEE80C59
                                                                                                                                                                                                                    SHA-512:EDB3F2B75D09F2087F51A84A82327A4AB67E0C2944DED4C25CE46026784D0799886105F92D5798787E2CD9CD888CEAC5F2A8FED5A6A78E4E3AB44E8DE89B3826
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................`8..`8...7.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_053a0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6615430885558533
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMb5:etGSGPxz/RZTaYlMd
                                                                                                                                                                                                                    MD5:A8870F28C84D5B226DFAB41DE5972CA6
                                                                                                                                                                                                                    SHA1:911ACA11FEE2379846D7C79180A7BE883A4B110A
                                                                                                                                                                                                                    SHA-256:52F23EE2C947AC6B1EB238D9FDD2B23D3AB1BB4551B65BF5106D8EE62F7CB07E
                                                                                                                                                                                                                    SHA-512:BB3D0CFF09D24FCC381BD0390FD1174C151170EBB3C4037E213BB5A7F29890826394A089D7FEE0361ED136D11DCA9BABECA78BED9E7B5DBF2F18383BB84FEE64
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................<...<..<.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05480000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6690235470625856
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllw:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:513946135EA066053F4E11E3CFA6C33C
                                                                                                                                                                                                                    SHA1:EE92809CE3B0ABCFFB80E6220D5E1EDAD3869750
                                                                                                                                                                                                                    SHA-256:B8311613038BAC6B7DFF86BA38C1E7C23A6C378D173AEC7BCF44391F76B3392B
                                                                                                                                                                                                                    SHA-512:71CD20827D6DDA3399B466C83F620217EE02BEA510C75BED6DEB0180E56837203D7831EF0015834A7F0DCCA26702385E34FB3577EC9AB755503E95852B98B1AC
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................pJ..pJ.(OJ...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_054c0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.663415387789021
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lll/:idq2vVg3F+X324VYxzLtGYKAZTaYlMZ
                                                                                                                                                                                                                    MD5:1A8575A2C7EB558E9FC85370230B2B6D
                                                                                                                                                                                                                    SHA1:4695898AAD88B1684993851CDFADD4855E71B8B7
                                                                                                                                                                                                                    SHA-256:B09C8AFDD3C395D49466C4B8AA42D08F1388586493F460F1645C86AD4B9A504C
                                                                                                                                                                                                                    SHA-512:23F1413545A67F57E09E5B24CC46BB4F1277653B2B79FE1C72D746CA7838E3234AC9A2A30B62FD4989C53E6B8BF92756255CB9D6264BB8B49B67D82647D3C380
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................N...N...N...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05500000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6651172970625856
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMNDm:etGSGPxz/RZTaYlMBm
                                                                                                                                                                                                                    MD5:CC7BEDB0779078B8F3D1674DE9291E72
                                                                                                                                                                                                                    SHA1:66A3AA97E5EF508F20951DCB60595712548E584B
                                                                                                                                                                                                                    SHA-256:74A98945634061A77CDE32006E736CBC7A4E1F458F016F05C768E8CFEACFA6F3
                                                                                                                                                                                                                    SHA-512:7E9C818805B0A5E35DDF3F0CF9CF041E2505F7DF04258E2B6EC7174EF5520F6D3B11C9A5C00361202B4A79B8A6D88EDA3B117827EF99565A92DC969223C85A50
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................T...T.x.T...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05570000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.667807616888917
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lll3:idq2vVg3F+X324VYxzLtGYKAZTaYlMn
                                                                                                                                                                                                                    MD5:31BD4AECC03002B8A9041F95B6D6C9ED
                                                                                                                                                                                                                    SHA1:568F7A51FBCCA52CF243FC0FCAC4974A4811F97F
                                                                                                                                                                                                                    SHA-256:446BCB24FCDF831F7B6CB53BBD3450D0DE8409B66833251A94E2926EB58F97D2
                                                                                                                                                                                                                    SHA-512:EADAF5CEA2CA296BB57EAECE33712EC3B354FC77C8A35176781DBED4F8ABD6BD45C40728E3B39095D9FA1FD747588BEDFDB71E999DE436F71C8120C9BF050082
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................@Y..@Y..-Y...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_055b0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6517702198032942
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMmH:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                    MD5:C49447F7BC8B0C54421F91196603E3BF
                                                                                                                                                                                                                    SHA1:1B317FFCBED95621F7475E78E7BD2C2BD6FDB1E8
                                                                                                                                                                                                                    SHA-256:6F3721167905EAD0D7BF180374F1EDE0321405FAA31F5454C981E471FFBEB2FE
                                                                                                                                                                                                                    SHA-512:39FE202065EFCDFA163205C5DBDA36CD078B351EEAAA47F79D607F5E47D7A116D414C0CCF1D4E33BE69FFDBAF177098D18F713279C1AD48C894497E4FC8C6176
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................]...].h.]...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_055f0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.667807616888917
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllY:idq2vVg3F+X324VYxzLtGYKAZTaYlMe
                                                                                                                                                                                                                    MD5:85C4EC3E44D84F2D1BA78836B455CA73
                                                                                                                                                                                                                    SHA1:08D492275F82CE69291997C9F6E2AC4489AE212B
                                                                                                                                                                                                                    SHA-256:ECCDC0B6F1F6D355A3B68CB670C110EAF57A32FF33A221FF17715EAC95436E85
                                                                                                                                                                                                                    SHA-512:3927BFF65830AAD98197C0FD60DACE11ACC82A60CD0C687E767D6615DE306475E62A3733F5E306B5D6C80C8D720F8ABDC0C5016EDC735E38646C15AD66FC3328
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................a...a...a...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05640000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6598594084051108
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMc6:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                    MD5:37CD65BC1C9C5C455358EC02018A243C
                                                                                                                                                                                                                    SHA1:EA4FF7B6E580F5F89E27C10548A3EE770BDB9BA4
                                                                                                                                                                                                                    SHA-256:09C2E04CBD7295E721A5FFAEAC0635DE82858BD068F52CDDB5434D4C2F7F8990
                                                                                                                                                                                                                    SHA-512:83C5EFE550EEF4EAF516C52A31A99ED39E167151B51CDD2257D10FC5CA89772A3DC4B20799EED0B924F065F069A5A86BBBCB22189F5CFEA8EC3B54EB0690B79E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................e...e...e...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05670000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.661948241888917
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMw//lll:etGSGPxz/RZTaYlMitl
                                                                                                                                                                                                                    MD5:AD8FFE9420E56A25DC6F15FA2DDA4709
                                                                                                                                                                                                                    SHA1:0C6BD5DBFE457ADA22BCC19F936C1AEEA431D626
                                                                                                                                                                                                                    SHA-256:1945532240D8D1C06CF49DFCB1EE41D52264A59A3944FAE635FFF8E6FFA4CCEF
                                                                                                                                                                                                                    SHA-512:8903469DFF464038BF624EAEC4254BBC0E43290CA547EF6927F586E77E9DD7F1C5E289C33610C85E16BBEE707DFF373CA285D2DC2CE95F4445E2F9824DC5C034
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................i...i...i...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_056c0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.667807616888917
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMU1d:etGSGPxz/RZTaYlMsd
                                                                                                                                                                                                                    MD5:4CA660DCD0698720649E810B966F52C9
                                                                                                                                                                                                                    SHA1:587944B74C4206C7DFF950C609DF52A06A1578FC
                                                                                                                                                                                                                    SHA-256:0A454E32F9EC2DF8C95D1DDC0415C1FEAF7DE934EC26366373580EC2AF1E3060
                                                                                                                                                                                                                    SHA-512:6FB5D949F6571EF24042D9EB401DC682D7A1CF47D99319A0BECC85E010BF38A26A033E03591BC316225B7D0B934DDE2B5AD88FB245B98358BEAD435283CCAB3E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................m...m...m...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05700000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6572904925824072
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllk:idq2vVg3F+X324VYxzLtGYKAZTaYlM6
                                                                                                                                                                                                                    MD5:DC4C385DC72644C3FDEFFF4E0988C7B4
                                                                                                                                                                                                                    SHA1:C3D08B7A954B6996E8AC4A6B9B98C162A88E3B44
                                                                                                                                                                                                                    SHA-256:932036A2F51FB81A58A7BAE78C2AACF1F89279F3D70AE6923B347AEE565692AA
                                                                                                                                                                                                                    SHA-512:942C33AA9E7BF2E9FE3EC86648BC8654E03CDF2E7F1013F715D63472C08BBB2BD5A0662334BF11477B547DC6C565619B2E73A2855FD182143B5C8C00F08B04F5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................ s.. s.P.r...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05750000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.673666991888917
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMHexg:etGSGPxz/RZTaYlMHJ
                                                                                                                                                                                                                    MD5:AF9B04635C8CEB55FED41E30B36AC7F6
                                                                                                                                                                                                                    SHA1:90D2BF018D3C45F53E260ECF6868EA2714451141
                                                                                                                                                                                                                    SHA-256:0749B8133CF1E16CF16F3CA0DC943F674DC9DC4B9F6F27B8118CE2D74E79DE33
                                                                                                                                                                                                                    SHA-512:6C6116716A267FD06B55978E8D6F777577B2BC143E66280C75CF90C9BA4D598A0EEF7EE13311288B9F6A6039B2D248E2F668C7E049E54078180E06887C9459F7
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................v...v...v...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05790000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6602153927572596
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMtgB:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                    MD5:E7D3B214077F23EF13D1067ECEC75557
                                                                                                                                                                                                                    SHA1:138512BA5173CB420E8592AD463135713CB2567B
                                                                                                                                                                                                                    SHA-256:43480767F0C35315DBC651E09E2598EE32F724E5A4598BE57A16F83C5FBAEE70
                                                                                                                                                                                                                    SHA-512:3B2D64F3CB88365BE7C2A23498D0C8C24A590C2BB9EB60D4F998CD2081C311A36E7983E84B3079D6388F00B59754C1435608F57082198B4169EFAE7D5B9403CB
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................|...|...|...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05820000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6545397039787666
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMWd:etGSGPxz/RZTaYlMQ
                                                                                                                                                                                                                    MD5:EFA5EDB9B80230FDE539AF51A8FD235D
                                                                                                                                                                                                                    SHA1:511C2F162E784B438FD065C4EEDA089E8CBC161F
                                                                                                                                                                                                                    SHA-256:57E381658F80E4BFC56B407208191059FE6105A6C51CB222779AFA24D0F2A3ED
                                                                                                                                                                                                                    SHA-512:465DC7BA8945FF2C7519D7059A2AEC3CCA14EB50E88A16268F37F09CD363DFC39CCB4AFCFC88D5417579F0B4E6DE2F57431F1EEF0C79C25F4BF97A7554B386F2
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05850000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.664380102236254
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM1Ttcl:etGSGPxz/RZTaYlM1Ttcl
                                                                                                                                                                                                                    MD5:B5FB52C93A848FC5FCB89130021C39DA
                                                                                                                                                                                                                    SHA1:534DF55D0594D9D11E5AAD02F1E678FEF59C53E4
                                                                                                                                                                                                                    SHA-256:9E87BA63B87FCEFC1E3FC0BA0394973037C0280CD26CFC38665E6F8B28CA3B14
                                                                                                                                                                                                                    SHA-512:B82A8598856E3404FF7245BDFB242179F412C7C441841DCADD53430B690B0E53D479AC3ABDDAE8A17ABC91ACD73731561972F54AE8D151B459AA50BF2B9F87B3
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................@............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05890000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6680588326153525
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMOFg:etGSGPxz/RZTaYlMOO
                                                                                                                                                                                                                    MD5:263722635DB587E8F8CFD7DFB48A8440
                                                                                                                                                                                                                    SHA1:A42A616DF480677A882583481DB39E72C7FF8F81
                                                                                                                                                                                                                    SHA-256:1EBE8E3E0877BD343DBB519DDBB1D52BD97AEB98A65A6EF3C86139B4901A93E6
                                                                                                                                                                                                                    SHA-512:6082EED34867147A4BF842980D77D43C6C169B83042F19EB0A81471B5A64BBA1A4584862C7BD3C14AA9367DBFEB27700DA54C48C5CE267681481ADE12D82937B
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_058f0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.668286352236254
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMW1:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                    MD5:024D4C989F8ACBC2913D4BCAFE74EFDD
                                                                                                                                                                                                                    SHA1:8A4685214BEF16DE463A535C179A572291C4865C
                                                                                                                                                                                                                    SHA-256:0E878E885756C5B89F773762F7FE347519306327EB6EBDBD7897AE3AB9674FA9
                                                                                                                                                                                                                    SHA-512:FAB3ACA485BF7D357AA360C566C5277D3D403498B87CC93A87D35BA5EB8D41565C160D33B7645D658EDA5C710B7075F2E789889A4BB8E39FDD08905E0A8D49B0
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................P...P...@............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05910000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6680588326153525
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllp:idq2vVg3F+X324VYxzLtGYKAZTaYlMa
                                                                                                                                                                                                                    MD5:38873E09A757035B643B26655462288E
                                                                                                                                                                                                                    SHA1:FCA18EAEF445073FF6A15D13352CEA8BD346D7AE
                                                                                                                                                                                                                    SHA-256:9B09BA4B496B889C3E25DE01C5F1A3C900440EAEEA9E036683824F645B1BDACF
                                                                                                                                                                                                                    SHA-512:31748798259FCBDD75DCB85D96418D1791589678679E1A82A154EE7E4BAE4D1F18DE29DE9CF01F71A6E2192F8BB7C1335882D793CB797A356BC82CA3964852E6
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05ae0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.667807616888917
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMylV:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                    MD5:B8FD1AB083CB7DDA9FD59E6C91284920
                                                                                                                                                                                                                    SHA1:B6DE2659C31F4947200991D15FB1DF54FE13FD00
                                                                                                                                                                                                                    SHA-256:72481B114FC1EE0F1A304C236FA59312CB61B83B0EEDA7FCCBD81CB5F20FCA7B
                                                                                                                                                                                                                    SHA-512:2E087C6A3E59CB36C54FB3D86DB06585F3D27D62C686501961D06FA263DE6F2163C52AED8394262EB9E7BC5BAB4E53CBC94A411304CB29BD5FC68C7477EFD5E2
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................@...@..P6............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05b10000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6690235470625856
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllP:idq2vVg3F+X324VYxzLtGYKAZTaYlMp
                                                                                                                                                                                                                    MD5:EDC3D819D511136741A290AFD69BC6F9
                                                                                                                                                                                                                    SHA1:BD546DB943B8182A50A0676516B01E26F5D8910B
                                                                                                                                                                                                                    SHA-256:493203C05FC2CEE8B12D9E4100CA14759970B54952A8FE5BE2905BB50EA6B797
                                                                                                                                                                                                                    SHA-512:AA2BD8F1538EA567CD09D7A835127C0FB3781C2F87661C2DF3DE42B231EB24886D7BCC5E3D61152DCF874A43550A13B3C7AEDB16592EFCC5897A3254F76954A5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................p...p..D\............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05c10000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6585064227560757
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM5mg:etGSGPxz/RZTaYlM5m
                                                                                                                                                                                                                    MD5:E793416E76E269396207F78C6D522789
                                                                                                                                                                                                                    SHA1:4AB44E6838054017B53DE6E77BAA4B737E1D96DE
                                                                                                                                                                                                                    SHA-256:F69EF145E14C71D3320CFF2AE5A421D87D6B1F49FF959489234736497E26A657
                                                                                                                                                                                                                    SHA-512:C4C68C87A4A0BB643841278F558C2D3E66E48BA63C1BE8E04D90E86F2E5521274EB7A6E111814167F010F16F948A3F65B398F27086AA15A6F787A9E704605BA1
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................ ... ..X.............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05c50000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.673666991888917
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllR:idq2vVg3F+X324VYxzLtGYKAZTaYlMd
                                                                                                                                                                                                                    MD5:1279A6DA03F8B1AB929B66B1A1684223
                                                                                                                                                                                                                    SHA1:244C65418B9508040F27C42B95BC5B4D7D512B61
                                                                                                                                                                                                                    SHA-256:E5AE0EDAFCC52F38BFDE1DAB303E66A9C71DFE9A0D541BBE5C21E6D81FB5F88A
                                                                                                                                                                                                                    SHA-512:08340DAFE73509C486B9CAD2E234F4A8034EA39B135E1B357D8ABAE36C604EC8217FB09E961F5BDDDCC9630C30AEBEE773BA214D0F43F6616D6B1695E15A2ECC
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05ca0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6709766720625856
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMOzg/l:etGSGPxz/RZTaYlMSg/
                                                                                                                                                                                                                    MD5:4D4C544FF6D94FB127BC40E44DB2BDC5
                                                                                                                                                                                                                    SHA1:660DC56CD29EA5C86094FCE928FBC622A8CCB2EA
                                                                                                                                                                                                                    SHA-256:0617EB0AAB9F60A8379E0DF7CC5D8BE662E37B8C25A68EA4C40E0057E4C4AC18
                                                                                                                                                                                                                    SHA-512:B4C5F01D0462665B0B7CBB34FD41D09C51100165BAB38D3E6D605C10122B4424E2029C46EDD1962071D5EFB54E25BB983D30CCF9753034F5268CAA06754D8005
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................`...`..8Q............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05cd0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.673666991888917
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMWb4:etGSGPxz/RZTaYlMS
                                                                                                                                                                                                                    MD5:3D843BFB836FE206F30E154A7356A0DE
                                                                                                                                                                                                                    SHA1:505A02766164954C72805C5FA51A040D370246FD
                                                                                                                                                                                                                    SHA-256:9EA4A9973FCC404225F1A8A7E5970631A6D8E56BB3035CD2B065841EB5F6FE85
                                                                                                                                                                                                                    SHA-512:D4FC6ECEC28341B67DB0E4003E6ED8111374BB40CA2FA1466206A473C2F8A974964AFE550FC7476ECA64082611565B2C683845A087285E62704B48EF937A17DE
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05d40000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6709766720625856
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMafXf/ll:etGSGPxz/RZTaYlMqXf/
                                                                                                                                                                                                                    MD5:AD3819A2DB5938D7B29F3B440F848C20
                                                                                                                                                                                                                    SHA1:C3D1F11DDC03D8EAA1BADF2CE3C90226FC884DBB
                                                                                                                                                                                                                    SHA-256:2347B41FF4E220D284112DDCAF4EA33A24EC74CBA66C6A9F235E5D96AFAD0DD4
                                                                                                                                                                                                                    SHA-512:8E8CC10EDF39406EA4EB3219A558F686548A6CD07850A3F08E42DA3CF1BBCD5319634022058E3F5AB06F31C9E2C91D155B117653BD7330BD05DA5E20D421574F
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................@.............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05ec0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.669760741888917
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMuot:etGSGPxz/RZTaYlMu
                                                                                                                                                                                                                    MD5:6EB074EA5F5026ECA70819D8BAC50C20
                                                                                                                                                                                                                    SHA1:98F5A54243624CA2B580F72FD508821330E5DC61
                                                                                                                                                                                                                    SHA-256:92DA91B2BFA0778F044C08FA0CE7FBBBC14CDF84C481FB77A730D3F83A1768B8
                                                                                                                                                                                                                    SHA-512:A64CCF1E349620DFE73F72D0F24924C61DE2540FFB99253F01983B7B054BA85D75886A703D0811342CE652C5C6B322D17695F0D0B0008A1AA5820745E127F799
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................@...@...5............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05f20000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.671713866888917
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM6hgl:etGSGPxz/RZTaYlM6hgl
                                                                                                                                                                                                                    MD5:543692D86F351E55C751A8D4C55D091E
                                                                                                                                                                                                                    SHA1:72ADA71AA9BB73D8B46E6500775685623CC636B6
                                                                                                                                                                                                                    SHA-256:C5A89EAA2D2372846F0C1F81DD096B57BD75FCCB75C4288FF311782243CF5E78
                                                                                                                                                                                                                    SHA-512:479045C26D47C0033C9094E5344A768B734E130ECE9F6CB888B19DC57A2D8A1772D63FB2AC5813635A038A5DC42D9DD33869A96611FF7E132C14E3F8FF40114D
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05f50000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6627590187295218
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM1t+:etGSGPxz/RZTaYlM1t
                                                                                                                                                                                                                    MD5:CB61A171DFB874EDDA778DD031D944C7
                                                                                                                                                                                                                    SHA1:2A0BF5BA7932B198CEC757D40025E16C87A590E0
                                                                                                                                                                                                                    SHA-256:9F0B835522091CFA3C78E2257150B577660AEED83F11D3D5FD8C23F953E3E3DF
                                                                                                                                                                                                                    SHA-512:0DBFA5A6AC28F24F3D54245AD6D59E37B5FC0F12C6FC4CB634D09EE8BEC96C69B4BF4207B88EC476D22AFA49FA47FF822E4F963CE6CEF4955AE36DA696F1DE61
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_05fb0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.648324344626618
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/llls:idq2vVg3F+X324VYxzLtGYKAZTaYlMP
                                                                                                                                                                                                                    MD5:4C0C52ACAD8841B17C67C2B53DF4AEA6
                                                                                                                                                                                                                    SHA1:6533453BEF23B17577846896CCEA5B84061B8A65
                                                                                                                                                                                                                    SHA-256:76142DC3850B1F886BCA7AEE25386FC3B1FECF02D701A17AC96540F1DAF3C2D2
                                                                                                                                                                                                                    SHA-512:E6A8EFCB7138CFBF387A7571DEFAF0BAE5F9CDBD49AE7C651441FFB7EC9B7D2DD79811D3FFB7EE327F56782A4150FF0DFF8E9866AC17453FA05CECDBAAB9A5C3
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................`.............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_06130000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.661843473263204
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lll4:idq2vVg3F+X324VYxzLtGYKAZTaYlMo
                                                                                                                                                                                                                    MD5:D1A1BB67538BA93FE39D7C11A33031F9
                                                                                                                                                                                                                    SHA1:9E246AA0489223F42FB2D178A7CCB53E8F0272DB
                                                                                                                                                                                                                    SHA-256:6BB1A8E73280F4FA6AA553ACAD988BBBD0AA17920E4BC07BCF1001149A566772
                                                                                                                                                                                                                    SHA-512:8EE1FD5FA4A1C94B4A269984C0403E9F70D99405208B3B89FF090EB451FE1B37358643D2AEC070146D2A752D2F02EB27959C6C98B92EFA273324D4A32C0F7DE0
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................h.............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_06240000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6662357023631
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllI:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:541A100BFD2C89EDE618AA1F915522EB
                                                                                                                                                                                                                    SHA1:DC924AB8126C6C8766E4E7DD97773FC4C797E6A5
                                                                                                                                                                                                                    SHA-256:73462B630D7428FC4988CB6E6C4D9C90BED10BA4ED656E1A42F27479EB7F34E9
                                                                                                                                                                                                                    SHA-512:A6C3B3477017C506EF68D8DED6D19F473E24A9FC36D1227723AABEA8BAC6666E2AFE892BF3CB0B01C4F80DA979BBC63F17F802C43621677D7D212D7FAB20746E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................*...*.p.*...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_062e0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6614538694019283
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMv9:etGSGPxz/RZTaYlMv
                                                                                                                                                                                                                    MD5:21962F11F2674C5762F7C5208B2E11A9
                                                                                                                                                                                                                    SHA1:3D4601B3C414B47182DDAEB0EEC8F5678E39C1E1
                                                                                                                                                                                                                    SHA-256:5FBFCFA949BA49D54A4820EB39E6CDFCF70FE26A322AF3EF983DE538B2C165F5
                                                                                                                                                                                                                    SHA-512:7C55507761491A5C364C11C1B1D8441F259B54EB6543BBB1DDA3D6E761F98F50108E92C443D07D6C9A80457C9A42B3B46D67CE304B42308951BF196F34D75C74
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_06310000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6689260221894315
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMpm:etGSGPxz/RZTaYlMpm
                                                                                                                                                                                                                    MD5:A10C15F7CA9348AA34E838A7EFDCFCDB
                                                                                                                                                                                                                    SHA1:B1266C8A53800F3D647DB9DF6F3528A2291C30A1
                                                                                                                                                                                                                    SHA-256:5C50F2FA1193731B7FC164A1D29FAE68E9E8C383C7825B5097213EDB28113DB2
                                                                                                                                                                                                                    SHA-512:301F1084F7F1B20FBE7F55379C89C69793827D3ACC4AFC6F3A4DE91E959D5DA44940350645A93717EBAFB1F867485D11E9CD07359E0824B51313BD426E0DC2CF
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................3...3...3...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_06350000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6674516325367685
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/llli:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:3C0348A92910ED7DCB2F2F4C1F8338FA
                                                                                                                                                                                                                    SHA1:BE2DF2D6A8B3FDACCE3CE9358B3907491D736B0C
                                                                                                                                                                                                                    SHA-256:B0729B4BE262AAAB2969F615BC5787A74D403712B1AC220C4155D4398D9AF3A7
                                                                                                                                                                                                                    SHA-512:179E74E81303E5BE6C6F350915B44DEAEF8977FD2C0FEB4EB242D5B4FBD800A8C1971BCDE0DBE67EFFA9077BA79B7BF7B6B77E099849C360D617D1FE916C2328
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................p<..p<.,P<...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_62c80000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6634962135558533
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllG:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:5CC7218C62197721D5AEEA4E4D8C7BD7
                                                                                                                                                                                                                    SHA1:68D889915EF600B055C126A21735E67ABA33AA8E
                                                                                                                                                                                                                    SHA-256:BA19027CD8B0EF13F35275BB9382610F4F0BA655691DE5745ED7AD3D3C983124
                                                                                                                                                                                                                    SHA-512:68D55B17D0020C582906E225EFDF431D1B3E9A6E68A31ACAF946361066608431CC4F0931759F699F902082905065FAD5400F0BA0A62C5432BB0880223BF806E2
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................b...b...b....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_63180000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6611871042037045
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMJGC:etGSGPxz/RZTaYlMN
                                                                                                                                                                                                                    MD5:BC881E02BD9471CC3D8E2D06226E53F0
                                                                                                                                                                                                                    SHA1:3EFD8CFE8C1A75D90FC58A83860CB3B082AC470C
                                                                                                                                                                                                                    SHA-256:7D6CDA5FC13B96CD938A7401C766735147CBE829FB299D6E43347285955C322C
                                                                                                                                                                                                                    SHA-512:B5438FA5DAA4A0DA0D179186685C91A096152124A4EF0694AC0C491A3D6299BF4217A7064490FBCBDC370D8C82D44BDDCCACA387FF36B121CEBD186E23A1A19C
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................:c..:c.l:c....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_64000000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6590220090545913
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllY:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:1193D63C9CB3D1552F4A0BE51CB1F8A5
                                                                                                                                                                                                                    SHA1:4566FDE4B763F9A1FD7C778B5F67F6F2BC911811
                                                                                                                                                                                                                    SHA-256:FF63627C19D23B4ECF5D34F550A1FAD7F0A6ECBB571C66F944C8C8E7FD425D70
                                                                                                                                                                                                                    SHA-512:9F9497943641CB9DB900ED84FD3B596A2BE1DFD40C031CB7DAC61591AADFCC188BD07F83E41E98F46F17B66259D5DA8A470F45B30666DDC8F212A0DDE8785DB1
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................d...d.|.d..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_64b40000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6600686989031903
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMeQ:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                    MD5:B8AFD340E563E1DF65BB38E399D56C50
                                                                                                                                                                                                                    SHA1:4139E6A6234B973C96809DA20FEC93A68A1245D4
                                                                                                                                                                                                                    SHA-256:FEC30DADC854FA17357FA19577EC68032D7D1552E99ED65801336A62D55B1C7F
                                                                                                                                                                                                                    SHA-512:0A02194B9020F8F9803A09A6D7AE1F3A29BF94284247B790B3E7E691224606903C1666C62A09EE3C2639468E0374799B5B65DC80E5F288B17727042322B5BE69
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................d...d.4.d....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_65200000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.656543659377373
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMUvLl:etGSGPxz/RZTaYlMg
                                                                                                                                                                                                                    MD5:BAD4570AF2AEB80E814A148B4EEED86D
                                                                                                                                                                                                                    SHA1:3CBAAB2071B5007AC3062A07718998056E8568F4
                                                                                                                                                                                                                    SHA-256:560B5C94DACFBE316EC5A1AA5B9380948635D66E402AD47284952858AA4AFF88
                                                                                                                                                                                                                    SHA-512:225BEACD7251E8BE8C94C23854C24327992575A84C14D34260B0282932BEF4AA3131EF4FD5F561B29D70AF7E61FD3BD83B81087F2E4882975041CF8D5D7DB830
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................P)e.P)e..)e....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_65bc0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6592339792037045
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMKR:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                    MD5:B952DD52B9F22C056686AD606B67B454
                                                                                                                                                                                                                    SHA1:C4F55AC13FAE584359E2DA10FDD539456302B155
                                                                                                                                                                                                                    SHA-256:A62F7B2B511CE419E4E096AB4D2A84AD4A0A5683DD5275DF9EF0B28FFB8E5C1E
                                                                                                                                                                                                                    SHA-512:47023FDDAF8415A800E26EAA1AD6675AE74947ECC803AA7A7236D6EB4FF1591F8FB103D1642ECFADB79128D5AEBDDA4D85E3CBF88DC7B05006FB4434852E1765
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................e...e...e....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_66980000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6665677438563675
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMX7Nl:etGSGPxz/RZTaYlMXr
                                                                                                                                                                                                                    MD5:F0CAAF29EF0A91B72C4030C360C77AF4
                                                                                                                                                                                                                    SHA1:213E088FA54D4C15EEC9777A70A7DB1BB0CF2B99
                                                                                                                                                                                                                    SHA-256:72DDCEBED5C15DFAECF1DF0FCE4E65E5E530AAC13616E5B51A1AD1B5D492AF81
                                                                                                                                                                                                                    SHA-512:298760C56C8F831E015692942A9AAB8B297F2750C543F98AC72C3AB5FBA8134486508D598860F3733E25D30DE5B263116D62191BA2885F901F5B11F3657CD898
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................Gh..Gh.Y*h....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_69120000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6595982692750824
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/llle:idq2vVg3F+X324VYxzLtGYKAZTaYlMk
                                                                                                                                                                                                                    MD5:9F7597FE0FBEE31BE9A6E509A8103B57
                                                                                                                                                                                                                    SHA1:5AD423EE197117A76C0AC1FA7A3DF2AA12492251
                                                                                                                                                                                                                    SHA-256:5914A9F0DBCCB4913B1582AF2D6C35A6FABD092417097DA9FBAFA3B16E473787
                                                                                                                                                                                                                    SHA-512:B913864CBB40A9787878CECD77D8261555A29F94BA602FF062C37BD072008637320927409D1D4D11CC1EA62CBA0813528E127132336568DBEB577B4E50DF4D67
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................0.i.0.i.).i..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_693a0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6655960324099224
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllg:idq2vVg3F+X324VYxzLtGYKAZTaYlM4
                                                                                                                                                                                                                    MD5:535106D730CA00C7A136CCE06D3E99F8
                                                                                                                                                                                                                    SHA1:ED228C38BD64D5A4EC0F2E486E8B84FC479FB46A
                                                                                                                                                                                                                    SHA-256:F31BAB8E7FF10814C641D8BF46A117630A4C1563A023859886D58A8BC7A56ACE
                                                                                                                                                                                                                    SHA-512:8F4CEA9F90901C7FCCCBF6E7B9B5CA8B09F6160B19F55ADCF99C3FE4973A4B24415F4D1003BB8C4D63E69E99303D019485D6B0449D102972A08B456F3687C148
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................p.i.p.iX].i..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_698f0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6651172970625854
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMvGS8:etGSGPxz/RZTaYlMvb8
                                                                                                                                                                                                                    MD5:CC2946C37355D99F02E5C5D170D065ED
                                                                                                                                                                                                                    SHA1:1842BE744D923470A6731FEC4EDB5686D5BFAA9A
                                                                                                                                                                                                                    SHA-256:0DF4F144ACEC1061BC6136D026F8779FB8CD70E7D4AB1456E845983799D897A0
                                                                                                                                                                                                                    SHA-512:DFA85F7C3E4AC6C67EDE03A3CFA5DC902EA3FEA376B77815BAA694733666BFB4FD21A79DDC6B8788C78943D67CDBE41F6EC6D6951C331364B702D3651693FAE3
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................i...i@m.i..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_6a400000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6460602702882374
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMUll:etGSGPxz/RZTaYlMU/
                                                                                                                                                                                                                    MD5:CA7251D5CEBA58B856BEF317A795FF1F
                                                                                                                                                                                                                    SHA1:E835050246DC9684173629C11D20DD2645B0A43B
                                                                                                                                                                                                                    SHA-256:4E58B601E8E3FD5AEEB40F747DC053E32D47B5D70468F3E580328228E7F564F9
                                                                                                                                                                                                                    SHA-512:778E2B4650F26865709253F4ACAA065F09C0E3938F14204A65E693AB26BDA29D067EC0864B09BDB68FDBD0362A0F41776365C977FD3FF37621588545E1FF6585
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................`j..`j.._j..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_6a640000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.659661884152435
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllf:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                    MD5:5F03C5298EC18BE1AAEA606CFE5BDCD4
                                                                                                                                                                                                                    SHA1:6D98C06461BED80E1C07027F836DE2F65207FAD2
                                                                                                                                                                                                                    SHA-256:03F15235B633F2BC4E688850D3617B7CF42383779E8EC68CF841D1F26F2006C2
                                                                                                                                                                                                                    SHA-512:7A740159F5371F85F1766941E80980B0153B393FAB61C0F80ABB219DD2F7428C001B28435BD8D990EA368DAA743F085E41797B8AEAE6534F7AAD971866494BE6
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................wj..wj..vj..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_6a7c0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6550184393261036
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllj:idq2vVg3F+X324VYxzLtGYKAZTaYlM7
                                                                                                                                                                                                                    MD5:2A703909FA81EBCE3C34EF18A60A13A0
                                                                                                                                                                                                                    SHA1:F5E8CC32B1EA55640432A46F9BA5AC997EF340EE
                                                                                                                                                                                                                    SHA-256:E6A0B86138F97FDBCCCD0AEA4380A6CCCA9ED2B8F08E9990C56A4BF30C756060
                                                                                                                                                                                                                    SHA-512:EC1D4769C0F63212D09F56927129C69FA63D84654D340844DE670C0314ABBECF24FDEB5AA451A30104D2E9D2B3585CB72941314EDBC42A8A51415213DFCDB884
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................~j..~jp.}j..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_6a810000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6701010891014136
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllX:idq2vVg3F+X324VYxzLtGYKAZTaYlMi
                                                                                                                                                                                                                    MD5:F53741907163888DC98F4904BEAA9D8D
                                                                                                                                                                                                                    SHA1:21A662211B787D8ECA6D16E1A718AD78DA7C99FB
                                                                                                                                                                                                                    SHA-256:2D692CB666B20F7B6EABA3AD884C6CDC2CE32B69BC9ACADCA2D57B4A9A7E3E80
                                                                                                                                                                                                                    SHA-512:4D6A5461F2AFE526060AD69DC8196482621DF438C5504282FE3AA33FEF959908809EA09A3BD4E124B64EA709939C888B6427E3BB453816D3B07893CCBF3FF4C2
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................j...j@|.j..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_6aa50000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6741457272362539
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMD3g9:etGSGPxz/RZTaYlM8
                                                                                                                                                                                                                    MD5:A37753C9347C5309898E0A0D0987E628
                                                                                                                                                                                                                    SHA1:6BA73880F9EAA18CA2A37F9179D1AF47C5008AB8
                                                                                                                                                                                                                    SHA-256:2B9CC10F3D4AEB7C2A9132EDAEAFB0511908B5EA200F41FC6B508C676CB32082
                                                                                                                                                                                                                    SHA-512:A5A58B23036FFFBBD69B5D9A0796379287D9BB9CABB14465619A3F9D1E41BF219FDA63964BFE050D12F2C3A72A664EAC6E26EFD856DB13403AFF8C50D703E272
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................`.j.`.j.?.j..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_6aec0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6626781929626895
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM7pt:etGSGPxz/RZTaYlM9t
                                                                                                                                                                                                                    MD5:B80249D74CCEF49D5A9820EE882545BC
                                                                                                                                                                                                                    SHA1:D557A6EDF81ADEA45FBFDD43D1DC1A152A262787
                                                                                                                                                                                                                    SHA-256:E6C763632E10D7FC5B66CABD5AB22EA7DAE61B2E0D2F1CA614FE5B2019F22AD0
                                                                                                                                                                                                                    SHA-512:A8CFA242BE87421D4CC524A66A3338581803FFF050DE80708245BC0853947ACF266ECEE17AFD87264FD8CA06389B260384A7C771451B8A314500A5EEAE224A28
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................k...kl..k..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_6b100000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6721782977560757
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMJu:etGSGPxz/RZTaYlMJu
                                                                                                                                                                                                                    MD5:257741D2C0A21A79D767604E977590BC
                                                                                                                                                                                                                    SHA1:25896F814347C17F78A2E2CC33867AFFC3732816
                                                                                                                                                                                                                    SHA-256:C1E14B27AC3E970442BB1E763D921B0C9E0D0332062E22694DFF8740D0627B56
                                                                                                                                                                                                                    SHA-512:F6E15D05C2E8CEA074EA0A969DC077252240EE23C7D02429E10E59C31EBB8FBB7333A6850D90F2CBEDC8348C22583CD8A9157E3592877FCE942D6BEF000418A9
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................ .k. .k...k..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_6b8d0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.659661884152435
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllp:idq2vVg3F+X324VYxzLtGYKAZTaYlMH
                                                                                                                                                                                                                    MD5:86CFC78AD86CB9F1DF2C741F0E7B9674
                                                                                                                                                                                                                    SHA1:0A589637A556AF82901DE87FFB06DC8A753B6149
                                                                                                                                                                                                                    SHA-256:4FF12387EE15F093E8E88F6B600F7E076A574AE61F6E47F635840DB4BF0D2E85
                                                                                                                                                                                                                    SHA-512:B22F00A25D8B0CA7F6E6F23931043C3274B69F2F5B42C2B8DF0ECE34C0D50B92E41F004FECBF1759B4B6C77692D3D33167B417A86D4C35450A5ECB4C1630A5C7
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................k...k..k..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_6bb50000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6714554074099224
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllN:idq2vVg3F+X324VYxzLtGYKAZTaYlMO
                                                                                                                                                                                                                    MD5:2A5F681ADEABD7DE71490E28AC4B2066
                                                                                                                                                                                                                    SHA1:E7AF38CE7EF55C281976601487FCA11B46AC4FB6
                                                                                                                                                                                                                    SHA-256:BE70F0D8FA227E2831E596882EB60191DCF33FFDA990457B9F359EF5D0D9A9CD
                                                                                                                                                                                                                    SHA-512:FA891DB243F67A86DC7409C2079B0507786F9BF5C7EEB09C73189A4F66244BFBFCC02F51DDE7A71DCCC9C6708433438ED7CCF66D881B532337D67585D1251646
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................`.k.`.k(@.k..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_6be00000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6694047575367683
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM5Hr:etGSGPxz/RZTaYlMZr
                                                                                                                                                                                                                    MD5:F6D81EFB0D207A06DE7D7D7E70BD213D
                                                                                                                                                                                                                    SHA1:2E1135239C98A45D92E93BA01B6BFE21620BD482
                                                                                                                                                                                                                    SHA-256:FE5279C3D4558FDD0BD508098AADE7710866B914FA432DE709FA3812C57204FD
                                                                                                                                                                                                                    SHA-512:A02FE2417BA9214661504F263515053C0163D75860153C24FD040F0027B9E34B880A9BC392CD60697E864E3C48D50846EF06362A70C635838785F0BAABD8FEFC
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................P"l.P"l./"l..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_6c460000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6583707142722692
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMO7:etGSGPxz/RZTaYlMO7
                                                                                                                                                                                                                    MD5:6B2EA218F89274B0801DD3BBD185FC8F
                                                                                                                                                                                                                    SHA1:78680D56FA6DF1501AED15A5943E3881BEF18589
                                                                                                                                                                                                                    SHA-256:7480D0725B9C92FD5F8EA1C21EF953F2564BEEE184FF02C8AD09D9BA894F387B
                                                                                                                                                                                                                    SHA-512:B890B581008D0C800B1ACD2AF43CA884FBCBB7C6C2E7D59E21C61E1D5525E37556D5D261DD081F83FB9116A2A81A6B74A64A30D2B8286F80BEC8A509EA7E6B17
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................l...lD..l..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_6c8f0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6701419523630996
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMxmll:etGSGPxz/RZTaYlM4
                                                                                                                                                                                                                    MD5:39A46CC8CD31483EA10C7B63E729962A
                                                                                                                                                                                                                    SHA1:55E01C41B79B0F64DA4FBDFDEEABF89292FA1DF8
                                                                                                                                                                                                                    SHA-256:4EA6671CA18A2A8C84F1AA56EBC5A293012BECF27EAEBE1F9E5E189A66EB5CCE
                                                                                                                                                                                                                    SHA-512:CEE7241E2CB411393482A8B0DC12336615E7AD25EC264EE4BE656DF7799137EF11A900EC4AD82C65CEE4488969503F8DE9AE2F54E123A8BE5A6D5A229E6BB267
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................l...l...l..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_6cde0000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.668286352236254
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMBNMl:etGSGPxz/RZTaYlMBNMl
                                                                                                                                                                                                                    MD5:1F080928B109C2F570735389E8962BFD
                                                                                                                                                                                                                    SHA1:F217D21EBAB0D9523DB0892439694A18B80927C6
                                                                                                                                                                                                                    SHA-256:AF5BB4318F9D11F03B42864F653ED9055B22734385D5B9F9C6BCEB631E3F7AC3
                                                                                                                                                                                                                    SHA-512:B7516B32CDDF4D153B52893A65C239819BFDE0FF419B6D9F69C7D76BFC2D069635AE80B34E2ED67675B6FE81DFFC18E86555A9170C575407DBF72329FC181874
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................m...mh].m..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_6d270000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.664380102236254
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/llls:idq2vVg3F+X324VYxzLtGYKAZTaYlMS
                                                                                                                                                                                                                    MD5:0496EC1607EAD427BB8D7BA7734CD6EE
                                                                                                                                                                                                                    SHA1:8FABABAFFFE2324C628AA3741AECD0051F964AB3
                                                                                                                                                                                                                    SHA-256:6947CE8EE59AD0D25EAEB86F15972E3B9C32DF0002A41ACED5DC016B5A183B14
                                                                                                                                                                                                                    SHA-512:79527B3611641523968C599AF105F82484F4661870CF0C39CF13A857C3D4900E7FB832B0969428F568EE93E8F7C71B2062F0AF74B182806081F921DE2267CB67
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................@7m.@7mh#7m..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\local\temp\7888_6eb40000_tls.dll

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1024
                                                                                                                                                                                                                    Entropy (8bit):1.6545353666355087
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMnL/:etGSGPxz/RZTaYlMnL
                                                                                                                                                                                                                    MD5:1F5AC387DEA592AF2C2052848A7D5A8D
                                                                                                                                                                                                                    SHA1:B69325A55E98607BC03D4A9E8BF6CCC91CA04644
                                                                                                                                                                                                                    SHA-256:0EA9D5CE5FD9AB7ED0C6D209911498BCC9CD7737E4EC168C2304F06D4C30C258
                                                                                                                                                                                                                    SHA-512:46E41F8A31CB4CAB046237E2C9E17B58CD9911F1BA6B7AB76C8FF3FD04C186B2041D0DD712D204890980151EFC82938D6D5041894ED1BE16BC97E00E36FC7905
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................ .n. .n..n....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\roaming\meta\@APPDATACOMMON@\ydumnozt.kxd.__meta__

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32
                                                                                                                                                                                                                    Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:H00lKs5zvmuDyn:lwsdmMyn
                                                                                                                                                                                                                    MD5:032EFF890581C969A281DCEAB927E322
                                                                                                                                                                                                                    SHA1:D46FE8460B5E02DD55CA798DF32661558BC26777
                                                                                                                                                                                                                    SHA-256:9D5636835240C62BFA41149306E7BD92A4F8BEC4A093655FAA185BEBA92054D7
                                                                                                                                                                                                                    SHA-512:0AE3903AA939F8DD6311B4FE73D93D75419A03B2F56298AA770D5503338518B2C5243AD22C98E4E1482A10BE1BBA0FDC8E98A42AF8EB3EA0D97EDAF6E176406A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmmeta.........'V%.f..J.....X..

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\roaming\modified\@APPDATACOMMON@\ydumnozt.kxd

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):5075
                                                                                                                                                                                                                    Entropy (8bit):6.113060818040102
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:iDtE58Yz5UGZfW3UGzKVBem6tqU1y9uiv6lJlW/V:i658EUGZfczEem2qWy9ux7uV
                                                                                                                                                                                                                    MD5:275625AC660E164AC304A087E658938E
                                                                                                                                                                                                                    SHA1:FB97C50D10529236E42D9FDF4794B084AC16FC1B
                                                                                                                                                                                                                    SHA-256:0262D12C45662D446606635130A69E4DA1CB3913FB3A2031C3B657A516B6714F
                                                                                                                                                                                                                    SHA-512:50B8EAFB374C83196AEA7E0F1179AB78ED3DD2F9550DC0D32AB4CF582E31C9B9E22699EF893EFD07BEB1FAC1738E205C072CB3A37729A7DF097723DCF1FAB660
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:$.....nL.......pZin....Y...$..................................................................................................................................................................P....4$.e...)..5.....$......,$.t....$.....t...4$XSW.$$..$.[......U......,$.....R.W......5.[..6C.]..=......R...h.]~+.4$...........1t$.^..$V....$$R......T$..,...]..R..$ZR..$Z..jYyT1.Z.....R.......u.._....Z.4$......P. ..>R..Y.o...R.Q).Z..XU.......].s...14$34$\h5=.D..$.....U.F.......J....,$..$.4$..$...h..9U..$............]..$.$$h/....4$..$.0}=......A..w...8......R...34$......$........U.4$.............^3.$1.$3.$\.}.....S........+..ZU....~1.]......$...........$.$$.......$........$XV..$.+.....P.....U....o........p.._.......7..eM..q........S..$W........O......p....$..e)...$..e...p...<$........M.~W......$$h..,..$..$..jZVR.<$h...\.<$...W..$_GS..$..i..1.Y.......h.Z2q.g...W..Ww....Asw...HW...........$.n..._......}.,....4$.$$h...L.4$.............$..k.?....w7.......$ST.......$..$.,$...}..$VT.4$^..

                                                                                                                                                                                                                    C:\Users\user\Desktop\Data\xsandbox.bin

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                    Entropy (8bit):2.521782221599798
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:Zmf/ln:s
                                                                                                                                                                                                                    MD5:EC3D19E8E9B05D025CB56C2A98EAD8E7
                                                                                                                                                                                                                    SHA1:748532EDEB86496C8EFE5E2327501D89EC1F13DF
                                                                                                                                                                                                                    SHA-256:EDB7BE3EF6098A1E24D0C72BBC6F968DEA773951A0DD07B63BAD6D9009AE3BF4
                                                                                                                                                                                                                    SHA-512:175FB8432472B6795BB5DB0EBA61BC7B57331720825DF5B048F3086815BA844DF4F7E83E42FF9E8FE5AB01700675A774CB916677953D6E0088FFBF1FA2775349
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:xvmsbox.........

                                                                                                                                                                                                                    Static File Info

                                                                                                                                                                                                                    General

                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Entropy (8bit):7.999392230014389
                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                                                                    • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                    File name:Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    File size:80'474'129 bytes
                                                                                                                                                                                                                    MD5:0cd8f9edc5183f8729598f19cf2da06b
                                                                                                                                                                                                                    SHA1:300049e800fe66c3ea872abf9ac9599b351ba9a6
                                                                                                                                                                                                                    SHA256:9a6d2d6ca21a6b83a31aa5a5f855d653d66096ffe0b25dcdf04f4943e3d3892d
                                                                                                                                                                                                                    SHA512:c558f86674c8bd8514e1c8e40447e07989a18b3dd785dbc304a006e1e050c39c282e39b7c9374ff5cb6303de1b72ad93d5ee5bb8a56b6f74ed864e039d5e8037
                                                                                                                                                                                                                    SSDEEP:1572864:vXF7UdMErU3IRMw17P7F5ye1ddvzw8HN/fngj3h8E1aVNJk4zszlB:v1+MErU3IRj1z7Kivz3fgjR8JvJkIszT
                                                                                                                                                                                                                    TLSH:F30833524A5DC7C2E3481F3061EE607D0A6DDEFEA9E94105C4C0C14D3E9AA6EF7A0EB5
                                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n+.Z.........."......P...p......z(.......`....@..........................0.............................................

                                                                                                                                                                                                                    File Icon

                                                                                                                                                                                                                    Icon Hash:5e635b49593d0d86

                                                                                                                                                                                                                    Static PE Info

                                                                                                                                                                                                                    General

                                                                                                                                                                                                                    Entrypoint:0x40287a
                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                    DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                    Time Stamp:0x5AF32B6E [Wed May 9 17:10:06 2018 UTC]
                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                                                                    OS Version Minor:1
                                                                                                                                                                                                                    File Version Major:5
                                                                                                                                                                                                                    File Version Minor:1
                                                                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                                                                    Subsystem Version Minor:1
                                                                                                                                                                                                                    Import Hash:2a23b322f4a5d4d7ef2a2b48495acd72

                                                                                                                                                                                                                    Entrypoint Preview

                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                    and esp, FFFFFFF8h
                                                                                                                                                                                                                    sub esp, 0000088Ch
                                                                                                                                                                                                                    xor ecx, ecx
                                                                                                                                                                                                                    push ebx
                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                    mov ebx, ecx
                                                                                                                                                                                                                    push edi
                                                                                                                                                                                                                    mov dword ptr [esp+10h], ebx
                                                                                                                                                                                                                    mov dword ptr [esp+4Ch], ecx
                                                                                                                                                                                                                    mov dword ptr [esp+34h], ecx
                                                                                                                                                                                                                    mov dword ptr [esp+2Ch], ecx
                                                                                                                                                                                                                    mov dword ptr [esp+1Ch], ecx
                                                                                                                                                                                                                    mov dword ptr [esp+50h], ecx
                                                                                                                                                                                                                    mov dword ptr [esp+20h], ecx
                                                                                                                                                                                                                    mov dword ptr [esp+54h], ecx
                                                                                                                                                                                                                    call 00007F69B0B4F4E5h
                                                                                                                                                                                                                    mov esi, dword ptr [004DC014h]
                                                                                                                                                                                                                    call esi
                                                                                                                                                                                                                    and eax, 11h
                                                                                                                                                                                                                    mov dword ptr [esp+3Ch], 00000003h
                                                                                                                                                                                                                    cmp eax, 00000111h
                                                                                                                                                                                                                    je 00007F69B0B4FA96h
                                                                                                                                                                                                                    call esi
                                                                                                                                                                                                                    mov dword ptr [00406040h], eax
                                                                                                                                                                                                                    mov eax, dword ptr [esp+20h]
                                                                                                                                                                                                                    mov dword ptr [esp+18h], eax
                                                                                                                                                                                                                    mov eax, dword ptr [esp+20h]
                                                                                                                                                                                                                    mov dword ptr [esp+30h], eax
                                                                                                                                                                                                                    mov eax, dword ptr [esp+20h]
                                                                                                                                                                                                                    mov dword ptr [esp+24h], eax
                                                                                                                                                                                                                    jmp 00007F69B0B4FB46h
                                                                                                                                                                                                                    mov eax, dword ptr [esp+20h]
                                                                                                                                                                                                                    mov ecx, dword ptr [esp+20h]
                                                                                                                                                                                                                    mov dword ptr [esp+30h], eax
                                                                                                                                                                                                                    mov eax, dword ptr [esp+20h]
                                                                                                                                                                                                                    mov dword ptr [esp+18h], ecx
                                                                                                                                                                                                                    mov dword ptr [esp+24h], eax
                                                                                                                                                                                                                    mov esi, ebx
                                                                                                                                                                                                                    push 00000004h
                                                                                                                                                                                                                    push 00001000h
                                                                                                                                                                                                                    push ecx
                                                                                                                                                                                                                    push 00000000h
                                                                                                                                                                                                                    call dword ptr [004DC05Ch]
                                                                                                                                                                                                                    mov edi, eax
                                                                                                                                                                                                                    call 00007F69B0B5067Ah
                                                                                                                                                                                                                    mov ecx, eax
                                                                                                                                                                                                                    sub ecx, dword ptr [00406040h]
                                                                                                                                                                                                                    xor edx, edx
                                                                                                                                                                                                                    mov eax, ecx
                                                                                                                                                                                                                    div dword ptr [esp+3Ch]
                                                                                                                                                                                                                    test ecx, FFFF8000h
                                                                                                                                                                                                                    je 00007F69B0B4FA85h
                                                                                                                                                                                                                    test edx, edx
                                                                                                                                                                                                                    je 00007F69B0B5025Dh

                                                                                                                                                                                                                    Data Directories

                                                                                                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xdc0740x28.idata
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xde0000x248be.rsrc
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xdd0000x248.reloc
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0xdc0000x74.idata
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                    Sections

                                                                                                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                    .text0x10000x45740x4600097f87feef4e9836a899bdac9e50b6c0False0.5686941964285714data6.360440384903771IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                    .data0x60000x4600x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                    .xcpad0x70000xd50000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0
                                                                                                                                                                                                                    .idata0xdc0000x36c0x400543953fe66b0720f1740bdd0d222e2d3False0.4287109375data4.351609356800353IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                    .reloc0xdd0000x2480x4008d23464b94af92ae72e33b90b8465fe7False0.55078125data4.3868706265282915IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                    .rsrc0xde0000x248be0x24a00ba39a09b5c508a4931f56865522f5ec2False0.45735788182593856data5.946110885118665IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                    Resources

                                                                                                                                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                    RT_ICON0xde2200xbba4PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedRussianRussia0.9963152635523358
                                                                                                                                                                                                                    RT_ICON0xe9dc40x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536RussianRussia0.16182124689459362
                                                                                                                                                                                                                    RT_ICON0xfa5ec0x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384RussianRussia0.22726735947094945
                                                                                                                                                                                                                    RT_ICON0xfe8140x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216RussianRussia0.28827800829875516
                                                                                                                                                                                                                    RT_ICON0x100dbc0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096RussianRussia0.36374296435272047
                                                                                                                                                                                                                    RT_ICON0x101e640x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024RussianRussia0.5824468085106383
                                                                                                                                                                                                                    RT_GROUP_ICON0x1022cc0x5adataRussianRussia0.7666666666666667
                                                                                                                                                                                                                    RT_VERSION0x1023260x40cdataRussianRussia0.43243243243243246
                                                                                                                                                                                                                    RT_MANIFEST0x1027320x18cXML 1.0 document, ASCII text, with CRLF line terminators0.5277777777777778

                                                                                                                                                                                                                    Imports

                                                                                                                                                                                                                    DLLImport
                                                                                                                                                                                                                    KERNEL32.dllHeapAlloc, GetProcessHeap, HeapFree, GetProcAddress, GetModuleHandleW, GetTickCount, GetModuleFileNameW, SetEnvironmentVariableW, IsWow64Process, GetCurrentProcess, OpenProcess, GetLastError, DuplicateHandle, GetCommandLineW, OpenFileMappingW, MapViewOfFile, SetEvent, UnmapViewOfFile, CloseHandle, GetCommandLineA, CreateFileW, CreateFileMappingW, GetFileSizeEx, VirtualAlloc, VirtualFree, LoadLibraryW, ExitProcess, GetModuleHandleA

                                                                                                                                                                                                                    Possible Origin

                                                                                                                                                                                                                    Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                    RussianRussia

                                                                                                                                                                                                                    Network Behavior

                                                                                                                                                                                                                    Network Port Distribution

                                                                                                                                                                                                                    TCP Packets

                                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                    Oct 25, 2024 09:49:45.547138929 CEST49699443192.168.2.7104.26.14.179
                                                                                                                                                                                                                    Oct 25, 2024 09:49:45.547178030 CEST44349699104.26.14.179192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:45.547239065 CEST49699443192.168.2.7104.26.14.179
                                                                                                                                                                                                                    Oct 25, 2024 09:49:45.598839045 CEST49699443192.168.2.7104.26.14.179
                                                                                                                                                                                                                    Oct 25, 2024 09:49:45.598859072 CEST44349699104.26.14.179192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:46.230187893 CEST44349699104.26.14.179192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:46.230267048 CEST49699443192.168.2.7104.26.14.179
                                                                                                                                                                                                                    Oct 25, 2024 09:49:46.316442966 CEST49699443192.168.2.7104.26.14.179
                                                                                                                                                                                                                    Oct 25, 2024 09:49:46.316469908 CEST44349699104.26.14.179192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:46.317441940 CEST44349699104.26.14.179192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:46.317533970 CEST49699443192.168.2.7104.26.14.179
                                                                                                                                                                                                                    Oct 25, 2024 09:49:46.321615934 CEST49699443192.168.2.7104.26.14.179
                                                                                                                                                                                                                    Oct 25, 2024 09:49:46.363378048 CEST44349699104.26.14.179192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:46.766700983 CEST44349699104.26.14.179192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:46.766793013 CEST49699443192.168.2.7104.26.14.179
                                                                                                                                                                                                                    Oct 25, 2024 09:49:46.766813040 CEST44349699104.26.14.179192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:46.766882896 CEST49699443192.168.2.7104.26.14.179
                                                                                                                                                                                                                    Oct 25, 2024 09:49:46.766943932 CEST49699443192.168.2.7104.26.14.179
                                                                                                                                                                                                                    Oct 25, 2024 09:49:46.766966105 CEST44349699104.26.14.179192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:57.731792927 CEST49732443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:57.731828928 CEST49731443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:57.731872082 CEST4434973284.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:57.731873989 CEST4434973184.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:57.731951952 CEST49732443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:57.732184887 CEST49731443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:57.743015051 CEST49731443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:57.743033886 CEST4434973184.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:57.743201971 CEST49732443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:57.743226051 CEST4434973284.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:58.850131989 CEST4434973184.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:58.850172043 CEST4434973284.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:58.850280046 CEST49731443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:58.850290060 CEST49732443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.124238014 CEST49738443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.124279976 CEST4434973884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.124334097 CEST49738443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.178296089 CEST49738443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.178314924 CEST4434973884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.213772058 CEST49732443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.213809013 CEST4434973284.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.213864088 CEST49731443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.213893890 CEST4434973184.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.214754105 CEST4434973184.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.214803934 CEST4434973284.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.214814901 CEST49731443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.214869022 CEST49732443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.226733923 CEST49731443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.226943970 CEST49732443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.267333984 CEST4434973284.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.267364979 CEST4434973184.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.483004093 CEST4434973284.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.483078957 CEST49732443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.483115911 CEST4434973284.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.483172894 CEST49732443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.483218908 CEST4434973284.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.483279943 CEST49732443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.490992069 CEST4434973184.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.491058111 CEST49731443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.491060019 CEST4434973184.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.491090059 CEST4434973184.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.491111994 CEST49731443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.491142988 CEST49731443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.493846893 CEST4434973184.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.493889093 CEST49731443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.493899107 CEST4434973184.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.493942022 CEST49731443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.494019032 CEST4434973184.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.494067907 CEST49731443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.282423019 CEST4434973884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.282521963 CEST49738443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.286442041 CEST49738443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.286453962 CEST4434973884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.286861897 CEST4434973884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.330699921 CEST49738443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.470349073 CEST49738443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.483388901 CEST49732443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.483426094 CEST4434973284.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.491099119 CEST49748443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.491139889 CEST4434974884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.492892027 CEST49748443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.497019053 CEST49748443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.497040987 CEST4434974884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.511359930 CEST4434973884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.588594913 CEST49731443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.588623047 CEST4434973184.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.598514080 CEST49749443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.598567009 CEST4434974984.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.598637104 CEST49749443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.618088007 CEST49749443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.618105888 CEST4434974984.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.733875036 CEST4434973884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.734054089 CEST4434973884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.740464926 CEST49738443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.792956114 CEST49738443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:00.792984009 CEST4434973884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.051738024 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.057281017 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.057349920 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.057509899 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.062885046 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.597182989 CEST4434974884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.597312927 CEST49748443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.597826958 CEST49748443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.597835064 CEST4434974884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.599875927 CEST49748443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.599880934 CEST4434974884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.702457905 CEST4434974984.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.702526093 CEST49749443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.703819990 CEST49749443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.703831911 CEST4434974984.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.707698107 CEST49749443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.707706928 CEST4434974984.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.857988119 CEST4434974884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.858112097 CEST49748443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.858122110 CEST4434974884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.858151913 CEST4434974884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.858170033 CEST49748443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.858227968 CEST49748443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.858947039 CEST49748443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.858963966 CEST4434974884.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.880300045 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.880357027 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.880673885 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.880776882 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.880790949 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.880805969 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.880827904 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.880827904 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.880860090 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.881150961 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.881195068 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.961968899 CEST4434974984.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.962126017 CEST4434974984.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.962212086 CEST49749443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.445831060 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.446271896 CEST4976880192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.448281050 CEST49749443192.168.2.784.16.252.107
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.448304892 CEST4434974984.16.252.107192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.451441050 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.451772928 CEST804976818.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.451848984 CEST4976880192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.452626944 CEST4976880192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.458039999 CEST804976818.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957102060 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957169056 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957299948 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957334995 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957360983 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957387924 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957431078 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957467079 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957480907 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957503080 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957509041 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957545042 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.960328102 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.960397959 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.960870028 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.960906982 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.960941076 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.960978031 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.964140892 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.964176893 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.964209080 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.964211941 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.964247942 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.964288950 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.966026068 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.966056108 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.966092110 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.966099024 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.966131926 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.966151953 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.072638988 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.072696924 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.072731972 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.072736979 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.072808981 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.072808981 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.072875023 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.072911024 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.072959900 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.073183060 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.073287010 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.073317051 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.073350906 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.073401928 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.073481083 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.073673010 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.073698997 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.073733091 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.073741913 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.073786020 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.073998928 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.074048042 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.075860023 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.075994015 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.075999022 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.076028109 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.076086044 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.076306105 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.076339006 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.076364040 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.076391935 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.079365969 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.079421997 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.079500914 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.079545021 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.079582930 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.079617023 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.079634905 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.079663038 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.079740047 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.079773903 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.079790115 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.079826117 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.081430912 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.081625938 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.081691027 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.129914045 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.135370016 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543100119 CEST804976818.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543164968 CEST804976818.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543186903 CEST4976880192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543203115 CEST804976818.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543257952 CEST4976880192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543526888 CEST804976818.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543562889 CEST804976818.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543589115 CEST4976880192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543597937 CEST804976818.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543632984 CEST804976818.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543651104 CEST4976880192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543668985 CEST804976818.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543701887 CEST4976880192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543723106 CEST4976880192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.544305086 CEST804976818.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.544342041 CEST804976818.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.544370890 CEST4976880192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.544404030 CEST4976880192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.603952885 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.604023933 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.604119062 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.604154110 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.604168892 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.604202032 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.605868101 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.605902910 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.605918884 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.605938911 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.605983019 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.609389067 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.609462976 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.609468937 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.609505892 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.609539032 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.609539032 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.612332106 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.612386942 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.612416983 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.612421989 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.612433910 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.612498045 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.615786076 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.615822077 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.615852118 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.615876913 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.615879059 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.615932941 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.619301081 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.619358063 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.682229996 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.682307959 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.682410955 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.682427883 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.682451010 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.682475090 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.683649063 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.683700085 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:51:47.476597071 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:51:47.476703882 CEST4976880192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:51:47.482546091 CEST804975118.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:51:47.482646942 CEST4975180192.168.2.718.66.112.33
                                                                                                                                                                                                                    Oct 25, 2024 09:51:47.482923031 CEST804976818.66.112.33192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:51:47.483011007 CEST4976880192.168.2.718.66.112.33

                                                                                                                                                                                                                    UDP Packets

                                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                    Oct 25, 2024 09:49:45.524910927 CEST6040253192.168.2.71.1.1.1
                                                                                                                                                                                                                    Oct 25, 2024 09:49:45.533200026 CEST53604021.1.1.1192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:57.661559105 CEST6043253192.168.2.71.1.1.1
                                                                                                                                                                                                                    Oct 25, 2024 09:49:57.672856092 CEST53604321.1.1.1192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.104579926 CEST6324053192.168.2.71.1.1.1
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.120722055 CEST53632401.1.1.1192.168.2.7
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.014089108 CEST6368553192.168.2.71.1.1.1
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.036793947 CEST53636851.1.1.1192.168.2.7

                                                                                                                                                                                                                    DNS Queries

                                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                    Oct 25, 2024 09:49:45.524910927 CEST192.168.2.71.1.1.10xa07fStandard query (0)start.turbo.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                    Oct 25, 2024 09:49:57.661559105 CEST192.168.2.71.1.1.10x494aStandard query (0)mip2.movavi.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.104579926 CEST192.168.2.71.1.1.10xa6bStandard query (0)codec-activate.movavi.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.014089108 CEST192.168.2.71.1.1.10x81a0Standard query (0)img.movavi.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                    DNS Answers

                                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                    Oct 25, 2024 09:49:45.533200026 CEST1.1.1.1192.168.2.70xa07fNo error (0)start.turbo.net104.26.14.179A (IP address)IN (0x0001)false
                                                                                                                                                                                                                    Oct 25, 2024 09:49:45.533200026 CEST1.1.1.1192.168.2.70xa07fNo error (0)start.turbo.net172.67.75.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                    Oct 25, 2024 09:49:45.533200026 CEST1.1.1.1192.168.2.70xa07fNo error (0)start.turbo.net104.26.15.179A (IP address)IN (0x0001)false
                                                                                                                                                                                                                    Oct 25, 2024 09:49:57.672856092 CEST1.1.1.1192.168.2.70x494aNo error (0)mip2.movavi.comlsw-03-balancer.movavi.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                    Oct 25, 2024 09:49:57.672856092 CEST1.1.1.1192.168.2.70x494aNo error (0)lsw-03-balancer.movavi.com84.16.252.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.120722055 CEST1.1.1.1192.168.2.70xa6bNo error (0)codec-activate.movavi.comlsw-03-balancer.movavi.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                    Oct 25, 2024 09:49:59.120722055 CEST1.1.1.1192.168.2.70xa6bNo error (0)lsw-03-balancer.movavi.com84.16.252.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.036793947 CEST1.1.1.1192.168.2.70x81a0No error (0)img.movavi.comdb4t5hkfesjuw.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.036793947 CEST1.1.1.1192.168.2.70x81a0No error (0)db4t5hkfesjuw.cloudfront.net18.66.112.33A (IP address)IN (0x0001)false
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.036793947 CEST1.1.1.1192.168.2.70x81a0No error (0)db4t5hkfesjuw.cloudfront.net18.66.112.49A (IP address)IN (0x0001)false
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.036793947 CEST1.1.1.1192.168.2.70x81a0No error (0)db4t5hkfesjuw.cloudfront.net18.66.112.25A (IP address)IN (0x0001)false
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.036793947 CEST1.1.1.1192.168.2.70x81a0No error (0)db4t5hkfesjuw.cloudfront.net18.66.112.127A (IP address)IN (0x0001)false

                                                                                                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                                                                                                    • start.turbo.net
                                                                                                                                                                                                                    • mip2.movavi.com
                                                                                                                                                                                                                    • codec-activate.movavi.com
                                                                                                                                                                                                                    • img.movavi.com

                                                                                                                                                                                                                    HTTP Packets

                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                    0192.168.2.74975118.66.112.33807888C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.057509899 CEST335OUTGET /webnagscreens/crossale_suite/style.css HTTP/1.1
                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                    Host: img.movavi.com
                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.880300045 CEST1036INHTTP/1.1 200 OK
                                                                                                                                                                                                                    Content-Type: text/css
                                                                                                                                                                                                                    Content-Length: 5877
                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                    Date: Fri, 25 Oct 2024 06:30:27 GMT
                                                                                                                                                                                                                    Last-Modified: Thu, 09 Feb 2017 08:57:25 GMT
                                                                                                                                                                                                                    ETag: "f1759a3a2e4a1322edfad7386beb3a9e"
                                                                                                                                                                                                                    x-amz-meta-s3b-last-modified: 20170209T085719Z
                                                                                                                                                                                                                    x-amz-version-id: null
                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                    Server: AmazonS3
                                                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                    X-Cache: Hit from cloudfront
                                                                                                                                                                                                                    Via: 1.1 3517ce13630d84c5b14e88de469985cc.cloudfront.net (CloudFront)
                                                                                                                                                                                                                    X-Amz-Cf-Pop: FRA56-P5
                                                                                                                                                                                                                    X-Amz-Cf-Id: Dg7KgGX-VKPXpoT-DyOefo719yQR4Db7pfQRlUEdGyhS0Ry94xTZfA==
                                                                                                                                                                                                                    Age: 4774
                                                                                                                                                                                                                    Content-Security-Policy: frame-ancestors http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production; report-to csp-endpoint
                                                                                                                                                                                                                    Report-To: {"group": "csp-endpoint", "max_age":86400,"endpoints":[{"url":"https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production"}]}
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.880673885 CEST1236INData Raw: 2f 2a 09 54 68 61 74 20 69 73 20 61 20 6d 61 69 6e 20 63 73 73 20 66 69 6c 65 20 66 6f 72 20 63 72 6f 73 73 61 6c 65 20 73 75 69 74 65 20 2a 2f 0a 0a 2a 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 70 78 3b
                                                                                                                                                                                                                    Data Ascii: /*That is a main css file for crossale suite */* {margin: 0px;padding: 0px;}:focus {outline: none;}body {overflow: hidden;font-family: Arial, sans-serif;}.container {width: 800px;height: 450px;background: #b9cbe1 url(
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.880776882 CEST1236INData Raw: 69 67 68 74 3a 20 32 33 70 78 3b 7d 0a 2e 63 6f 6e 74 61 69 6e 65 72 2e 7a 68 5f 74 77 20 2e 72 74 2d 74 65 78 74 2d 34 20 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 36 70 78 3b 7d 0a 2e 63 6f 6e 74 61 69 6e 65 72 2e 7a 68 5f 74 77 20 2e 72 74
                                                                                                                                                                                                                    Data Ascii: ight: 23px;}.container.zh_tw .rt-text-4 {line-height: 16px;}.container.zh_tw .rt-text-5 {line-height: 17px;}.container.zh_tw .stripe p {padding: 0; line-height: 25px;}.top {height: 60px;}.left {width: 285px;height: 390px;float:
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.880790949 CEST1236INData Raw: 61 64 64 69 6e 67 3a 20 31 35 70 78 20 30 20 30 20 32 35 70 78 3b 0a 7d 0a 2e 6a 70 20 2e 72 74 2d 74 65 78 74 2d 35 2c 20 2e 6b 72 20 2e 72 74 2d 74 65 78 74 2d 35 2c 20 2e 63 6e 20 2e 72 74 2d 74 65 78 74 2d 35 20 7b 0a 09 70 61 64 64 69 6e 67
                                                                                                                                                                                                                    Data Ascii: adding: 15px 0 0 25px;}.jp .rt-text-5, .kr .rt-text-5, .cn .rt-text-5 {padding: 8px 0 0 25px;}.right-middle {height: 141px;padding: 6px 0 0 2px; }.de .right-middle, .it .right-middle, .tr .right-middle {height: 170px;padding: 0
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.880805969 CEST1236INData Raw: 6c 28 22 62 74 6e 5f 63 6c 6f 73 65 5f 64 65 2e 70 6e 67 22 29 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 7d 0a 2e 72 75 20 2e 63 6c 6f 73 65 20 73 70 61 6e 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 22 62 74 6e 5f 63 6c 6f 73 65 5f 72
                                                                                                                                                                                                                    Data Ascii: l("btn_close_de.png") no-repeat;}.ru .close span {background: url("btn_close_ru.png") no-repeat;}.fr .close span {background: url("btn_close_fr.png") no-repeat;}.es .close span {background: url("btn_close_es.png") no-repeat;}.it
                                                                                                                                                                                                                    Oct 25, 2024 09:50:01.881150961 CEST933INData Raw: 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 22 62 74 6e 5f 62 75 79 5f 69 74 2e 70 6e 67 22 29 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 7d 0a 2e 6a 70 20 2e 62 75 79 20 73 70 61 6e 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 22 62 74 6e
                                                                                                                                                                                                                    Data Ascii: ckground: url("btn_buy_it.png") no-repeat;}.jp .buy span {background: url("btn_buy_jp.png") no-repeat;}.nl .buy span {background: url("btn_buy_nl.png") no-repeat;}.pl .buy span {background: url("btn_buy_pl.png") no-repeat;}.pt .b
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.445831060 CEST332OUTGET /webnagscreens/crossale_suite/it.png HTTP/1.1
                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                    Host: img.movavi.com
                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957102060 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                                                    Content-Length: 38149
                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                    Date: Fri, 25 Oct 2024 07:50:03 GMT
                                                                                                                                                                                                                    Last-Modified: Wed, 19 Nov 2014 07:38:30 GMT
                                                                                                                                                                                                                    ETag: "697d3b9663340d6e6b986b6554860060"
                                                                                                                                                                                                                    x-amz-version-id: null
                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                    Server: AmazonS3
                                                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                    X-Cache: Miss from cloudfront
                                                                                                                                                                                                                    Via: 1.1 3517ce13630d84c5b14e88de469985cc.cloudfront.net (CloudFront)
                                                                                                                                                                                                                    X-Amz-Cf-Pop: FRA56-P5
                                                                                                                                                                                                                    X-Amz-Cf-Id: fvXmWdXOxbgNYdhFo_-qdDtTtCEKNoZ4m34L4elUt41VrRLjSl8MmQ==
                                                                                                                                                                                                                    Content-Security-Policy: frame-ancestors http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production; report-to csp-endpoint
                                                                                                                                                                                                                    Report-To: {"group": "csp-endpoint", "max_age":86400,"endpoints":[{"url":"https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production"}]}
                                                                                                                                                                                                                    Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 20 00 00 01 c2 08 03 00 00 00 20 bd 5d fa 00 00 03 00 50 4c 54 45 5e 79 a6 bc cb de d9 d9 d9 54 6f 9f 5e 79 a8 60 78 a5 bb cd de 7c 95 bd 59 74 a2 5e 79 a4 51 6e 9c 0f 11 11 63 7e a9 80 99 bf 15 17 17 78 91 b9 6e 87 b1 66 81 ac 5b 77 a4 71 8a b4 6b 85 af 0c 0e 0d 75 8f b7 56 72 a0 60 78 a1 e0 e0 e0 81 9a c1 e9 e9 e9 db db db 60 7a a3 e3 e3 e3 57 72 a1 74 8d b5 61 7c a9 5f 7a a5 69 81 ae 5f 7b a8 bb cb e3 13 15 15 11 13 13 dd dd dd 72 8b b4 7a 93 bb 5d 78 a5 f1 f1 f1 96 af d4 01 9e e0 ff ff ff 18 1a 1a 1a 1d 1d 54 6b 9d bb ca dd ef ef ef 43 5f 8f 5d 79 a9 a4 b9 d7 b7 cc e3 bc cd e1 f4 f4 f5 e5 e5 e5 64 7a a0 eb eb eb ed ed ed 89 a2 ca 1e 20 21 ba cc e2 5f 79 ac de de d9 29 2b 2b 94 ad d2 90 a9 cc a2 ba
                                                                                                                                                                                                                    Data Ascii: PNGIHDR ]PLTE^yTo^y`x|Yt^yQnc~xnf[wqkuVr`x`zWrta|_zi_{rz]xTkC_]ydz !_y)++
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957299948 CEST1236INData Raw: db 25 28 28 b6 cb e8 4e 6a 9a 9f aa ba b8 ca e0 2d 2f 2f bb cc da 36 38 39 21 24 25 e7 e8 e5 77 90 b8 41 43 44 d2 00 86 30 34 35 ba c9 db 60 79 9c 49 65 95 3b 3e 3f 8b a4 ca 4b 4f 50 ba cb df 01 98 d8 44 49 4a 53 6e 9d 26 23 24 50 53 54 5a 6a 87
                                                                                                                                                                                                                    Data Ascii: %((Nj-//689!$%wACD045`yIe;>?KOPDIJSn&#$PSTZjKhVllln]^`{ddeYXYmLJK530s|ttv|{}2bgn,iq{A<9Ooy
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957334995 CEST424INData Raw: a5 7d fd 4c 16 65 e0 df 8b 04 d5 f6 aa 16 d2 51 f9 48 90 10 30 15 b7 b9 74 05 dd e4 2d f2 ae 77 28 c1 d0 b2 f2 21 69 b1 16 91 94 f4 11 8e 93 38 00 46 72 5d 9b 73 1e 8b 75 11 50 03 49 f3 e7 f6 10 6b 30 1f 79 31 ff 1a 67 a1 0e 88 e6 a2 50 c6 95 a3
                                                                                                                                                                                                                    Data Ascii: }LeQH0t-w(!i8Fr]suPIk0y1gP"")OHIcAlQ4Pv4M]KG@}@guhBE@(ic'#zQWCDAPj) 0CIdy<g@LuwezHbq
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957431078 CEST1236INData Raw: 95 0e a2 ef 2a ca b2 4b 88 e4 5c 67 12 c0 04 6a 3e 4f 32 df fd b2 2d d4 2d de 94 d6 61 2c 0a 40 6f b5 1d 44 bd af 4a 88 8c b9 e4 ea 0a 0b 17 59 60 02 47 72 2e 85 fb 79 57 54 55 55 b6 1b fa a0 7a 5e 07 d1 01 51 3d 64 11 d6 42 05 04 97 58 60 04 87
                                                                                                                                                                                                                    Data Ascii: *K\gj>O2--a,@oDJY`Gr.yWTUUz^Q=dBX`a*;HJYi#b%p\bW)8eTv=\Jwus(2%2{OF^E; +>"<#g)2*S]0I8wGpV9g7^5yP<b
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957467079 CEST1236INData Raw: 48 1f 60 20 0d d8 37 85 39 3b 1b 08 44 49 cd 5e a7 0a 76 e5 a7 89 44 b0 4f 7d 18 21 3f ba 57 ab f1 74 42 81 90 46 9e f1 03 60 1b 36 8e fd 7d 60 20 8d d9 db 49 87 9f 20 d6 f9 6e 12 05 32 d8 24 16 22 77 7c 14 69 e8 c3 1f ad 5b 1c e9 98 b3 3d 8b 90
                                                                                                                                                                                                                    Data Ascii: H` 79;DI^vDO}!?WtBF`6}` I n2$"w|i[={'!"LBL\2B+*}/}L&<$0,2@cJrj (c}{;a*-|\(dt2.=ixa!NdYnsw^)$6J&F
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.957503080 CEST344INData Raw: 66 d9 1a 94 e0 35 d9 4d c6 0d f1 a0 0b 23 b9 b1 24 42 90 1f 7a 87 76 dc a1 b7 75 89 2f 46 bc 3e 16 fc 56 c5 80 1f ab ba de 48 fc a8 ae 1d 3d a6 50 6c 2b 48 66 30 e9 12 6b c0 b7 20 20 f7 fe fd fb 5d 3f 90 08 13 70 84 1a e8 4c 3c cf a3 2e b2 25 e4
                                                                                                                                                                                                                    Data Ascii: f5M#$Bzvu/F>VH=Pl+Hf0k ]?pL<.%#A f'Gc]~#$:.;*t -W(:"HL=sUj,(IDYaQ%{'OG/&OBCb{RY(aqQ7 C;AV!
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.129914045 CEST340OUTGET /webnagscreens/crossale_suite/btn_buy_it.png HTTP/1.1
                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                    Host: img.movavi.com
                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.603952885 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                                                    Content-Length: 18237
                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                    Date: Fri, 25 Oct 2024 07:50:04 GMT
                                                                                                                                                                                                                    Last-Modified: Tue, 04 Mar 2014 06:01:54 GMT
                                                                                                                                                                                                                    ETag: "fc2597c59c8c818796b58a044ba05be1"
                                                                                                                                                                                                                    x-amz-meta-cb-modifiedtime: Tue, 04 Mar 2014 05:58:09 GMT
                                                                                                                                                                                                                    x-amz-version-id: null
                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                    Server: AmazonS3
                                                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                    X-Cache: Miss from cloudfront
                                                                                                                                                                                                                    Via: 1.1 3517ce13630d84c5b14e88de469985cc.cloudfront.net (CloudFront)
                                                                                                                                                                                                                    X-Amz-Cf-Pop: FRA56-P5
                                                                                                                                                                                                                    X-Amz-Cf-Id: iBLx5dZVX6tb-DD4jGPBAOTzulvV_W68tztSMcQuVMRfvb0QirkP9w==
                                                                                                                                                                                                                    Content-Security-Policy: frame-ancestors http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production; report-to csp-endpoint
                                                                                                                                                                                                                    Report-To: {"group": "csp-endpoint", "max_age":86400,"endpoints":[{"url":"https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production"}]}
                                                                                                                                                                                                                    Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 24 00 00 00 27 08 02 00 00 00 29 78 a2 a1 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 1a 74 45 58 74 53 6f 66 74 77 61 72 65 00 50 61 69 6e 74 2e 4e 45 54 20 76 33 2e 35 2e 31 30 30 f4 72 a1 00 00 46 ac 49 44 41 54 78 5e ed bd 87 77 1c c7 95 2f ac ff e0 7b 9f 83 24 07 05 ca ca 22 29 e6 9c 29 92 00 33 40 00 0c 00 48 82 99 54 a0 c4 28 4a 72 f6 da 6b fb d9 6b ef db b5 bc bb 0e 92 b3 1c 56 5e 4b 22 89 cc 20 12 61 66 90
                                                                                                                                                                                                                    Data Ascii: PNGIHDR$')xsRGBgAMAapHYs~tEXtSoftwarePaint.NET v3.5.100rFIDATx^w/{$"))3@HT(JrkkV^K" af


                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                    1192.168.2.74976818.66.112.33807888C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                    Oct 25, 2024 09:50:02.452626944 CEST342OUTGET /webnagscreens/crossale_suite/btn_close_it.png HTTP/1.1
                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                    Host: img.movavi.com
                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543100119 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                                                    Content-Length: 10564
                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                    Date: Fri, 25 Oct 2024 07:50:04 GMT
                                                                                                                                                                                                                    Last-Modified: Tue, 04 Mar 2014 06:01:58 GMT
                                                                                                                                                                                                                    ETag: "a486b43dd1e8543cf1edbcf5111a8969"
                                                                                                                                                                                                                    x-amz-meta-cb-modifiedtime: Tue, 04 Mar 2014 05:56:40 GMT
                                                                                                                                                                                                                    x-amz-version-id: null
                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                    Server: AmazonS3
                                                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                    X-Cache: Miss from cloudfront
                                                                                                                                                                                                                    Via: 1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
                                                                                                                                                                                                                    X-Amz-Cf-Pop: FRA56-P5
                                                                                                                                                                                                                    X-Amz-Cf-Id: tQ8AgXsYViNGECuDqPYMOqApU-ZV5_GUQu6dpRwTmzP-yQX8hUBF1A==
                                                                                                                                                                                                                    Content-Security-Policy: frame-ancestors http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production; report-to csp-endpoint
                                                                                                                                                                                                                    Report-To: {"group": "csp-endpoint", "max_age":86400,"endpoints":[{"url":"https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production"}]}
                                                                                                                                                                                                                    Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 24 00 00 00 27 08 02 00 00 00 29 78 a2 a1 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 1a 74 45 58 74 53 6f 66 74 77 61 72 65 00 50 61 69 6e 74 2e 4e 45 54 20 76 33 2e 35 2e 31 30 30 f4 72 a1 00 00 28 b3 49 44 41 54 78 5e ed 9d e7 7b 5b 37 b2 c6 fd 27 ef 73 ef dd 24 4e b2 f1 da b1 65 f5 46 75 51 2c 6a 94 a8 c2 de 8b 44 f5 e6 a6 5e 5c e2 64 4b 36 db b2 25 f9 7c 7f 38 2f 0d 33 47 94 23 6a 4b f2 c1 f3 4c 90 39 83 17 03
                                                                                                                                                                                                                    Data Ascii: PNGIHDR$')xsRGBgAMAapHYs~tEXtSoftwarePaint.NET v3.5.100r(IDATx^{[7's$NeFuQ,jD^\dK6%|8/3G#jKL9
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543164968 CEST1236INData Raw: 1c cc 0c 0a 25 53 b7 0a 7b 2f 2f 73 f1 d1 ab fc a3 97 f9 dd 17 b9 9d 97 c5 dd 2f e0 fc f6 f3 ec ce 69 6e f7 2c bb 7d 91 de 3c 4b 6d 9c 52 e6 76 9e c3 99 ad 73 1e 33 1b 67 75 19 98 18 98 95 df c1 d9 cd 73 d8 65 c4 70 bd e6 28 dd b0 37 7c 19 59 15
                                                                                                                                                                                                                    Data Ascii: %S{//s/in,}<KmRvs3gusep(7|Y.!Y8yZ0}dd{_H0}/n<W_B~Nn>7m_d2|S"{QyU{mdk|T?7F:'Mz4mMgN>ez8rT
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543203115 CEST1236INData Raw: 83 8f af ec 97 76 ce c7 e7 b3 c3 81 99 8e 9e be d0 4c b8 bc b4 0a 97 ca cb f9 42 29 9b 2b c0 85 62 b9 bc 54 29 be a7 1b 51 21 57 2c 17 59 b2 96 0a 85 c2 d2 12 e9 57 98 09 87 3a 3d 5d fd de c9 50 24 9f df 38 26 89 e2 ab 27 1c 2e 4c be 6d 9f 29 b3
                                                                                                                                                                                                                    Data Ascii: vLB)+bT)Q!W,YW:=]P$8&'.Lm)fq|U`lxfvq>&Vu@)ff(B3/._)pI2kIEsS_=,nlr}T*Mrlh&FE4|;A*CBaT.3P,~
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543526888 CEST636INData Raw: 06 c9 63 30 18 94 b2 51 7a f1 e2 05 6e c3 61 ea 42 99 ff d3 12 23 81 aa 0f 0e cd 86 e7 67 67 26 83 01 6f 47 4f 5f cf d8 5c 7e f7 55 62 ed 54 c9 86 9b 0a bb 17 78 8d bd 2e b5 71 4e 2a fa 42 e9 11 5f 30 1a 8d 93 69 e9 54 02 df 13 db 26 d9 d2 19 22
                                                                                                                                                                                                                    Data Ascii: c0QznaB#gg&oGO_\~UbTx.qN*B_0iT&"!"U2?d(1cR<{eAT+vN=~XtoeS&l&us#nvYir:_.rRcfJ"P>%3a:
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543562889 CEST1236INData Raw: 4f 89 6a 02 d0 49 15 6a 71 f1 f9 f9 39 b5 4e 0f 8d 11 d6 64 ca 26 1b 4a cc aa f6 e7 43 1c 28 cc 84 b3 c1 19 39 86 1f 3d 43 be f9 f4 4a 6a ed 04 d6 cd ed 16 c7 92 d4 da 59 8a 4b f6 c6 49 d7 e0 78 57 df 90 cf 1f d4 9e 46 a6 10 8d 64 19 41 40 8c 06
                                                                                                                                                                                                                    Data Ascii: OjIjq9Nd&JC(9=CJjYKIxWFdA@`gF^?}\a/sH0ydXzDF2%~_4KiIo;0_O9;.<}Sqv"ivddCH&b(4\+z:}L
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543597937 CEST1236INData Raw: a2 c9 da da 1a 3d 82 51 36 02 78 f4 e8 11 ee a0 21 5e 63 db e4 11 fb ba 6a 1e 1d 1d 61 87 56 04 98 56 13 36 4c 26 50 0d 95 6f 80 1b 22 33 6e 28 6a 5e ca 9c de 63 71 56 c0 07 cd 1d 36 d9 32 5b e7 66 67 63 9b 8b 2c ef e7 36 8e 3f f8 d5 83 87 0f 5b
                                                                                                                                                                                                                    Data Ascii: =Q6x!^cjaVV6L&Po"3n(j^cqV62[fgc,6?[z:Z[[[ZZ>|_ CJ.=%]S_LHJ0k4 XY)zAy}N %C4aLSwh{;>y104gVM<F)F(B`3-:::X:
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543632984 CEST1236INData Raw: 09 19 12 8c 56 18 e4 91 de 41 52 ca 8e 9a 5c 93 04 a6 61 47 47 57 af a7 93 55 96 65 9d 64 6b ea e8 e7 18 c9 b2 88 f3 38 8c 98 9b f6 ca 51 72 9d cb db 49 47 9f 77 d4 eb 23 c9 f5 31 af 71 b9 13 2b 0a ee 46 49 d1 46 70 2b 19 f0 1a f3 49 7a 10 fa 84
                                                                                                                                                                                                                    Data Ascii: VAR\aGGWUedk8QrIGw#1q+FIFp+Iz#jGSdb2X#$JzM+i2xECNGP0BK#cG=6Dz;Qgf_qq<GlAc<A1adN\_f(Yj
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.543668985 CEST1236INData Raw: 45 76 e4 bb bb bb 74 ca fe 46 bf 28 21 0d 4f 6b 2b a1 f2 fd f7 df d3 90 b5 83 0b 1b 4d f0 38 5d d3 10 02 49 2f 75 89 2a 4b 55 95 43 3c 32 4b 18 99 9d 99 26 d9 46 46 fd 77 9b 7b 8b e6 5f d9 54 93 4d 3f d4 3e e7 21 b1 66 fe 79 22 d7 b6 01 df 6c 5b
                                                                                                                                                                                                                    Data Ascii: EvtF(!Ok+M8]I/u*KUC<2K&FFw{_TM?>!fy"l[sax1lro 0$01G)o>@C-Dsu,P"cT$8cAAt^c``Ol4QUQ)Zd)ET*=%f5fh?c`\=c
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.544305086 CEST1236INData Raw: 51 2b 05 25 5d a0 44 23 59 7a 1e 9d c0 9b d5 0f be 08 62 64 61 28 9d 2b 65 f5 ab 96 f4 48 2d b2 25 1e 01 d8 84 81 10 94 90 52 0a 83 ac 64 40 80 1c 60 35 a3 68 ae 47 64 0d 4f 00 65 32 b5 b2 40 49 ef 1a 15 eb 08 48 ae 18 28 79 44 06 80 60 ac 5c 4d
                                                                                                                                                                                                                    Data Ascii: Q+%]D#Yzbda(+eH-%Rd@`5hGdOe2@IH(yD`\McN8kj&[n;e|<m5z<\#::Za_5@jHD!@`U<[DIGH`NX#&!!TYSBBG{yQ5 LQj`$
                                                                                                                                                                                                                    Oct 25, 2024 09:50:03.544342041 CEST1079INData Raw: af dc 62 7f 8b 96 1e 45 cb bb 89 a5 dd 99 78 71 64 72 b1 ab bb b7 b9 a5 ed b3 3b 77 3f ba fd c9 2f 3f fc e0 83 8f 3e 34 7f c2 e6 d3 4f 6a ff 56 4b 2d 7f 78 fb 83 8f 3e 06 e3 66 17 cc b2 05 d0 b0 b6 ed ed 8f 3e b0 18 64 3d be fb 6f d3 58 d8 75 f8
                                                                                                                                                                                                                    Data Ascii: bExqdr;w?/?>4OjVK-x>f>d=oXu5NjoUOw{}#X)ZG0eP74Vhq$#wNOkgOKGgs{IX[fYv,`]0.ef1njmkOM-f"M&9ZzZ}=M~


                                                                                                                                                                                                                    HTTPS Proxied Packets

                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                    0192.168.2.749699104.26.14.1794437276C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                    2024-10-25 07:49:46 UTC500OUTPOST /services/1.0/activity/vm-18.4.1281.0/run HTTP/1.1
                                                                                                                                                                                                                    Spoon-ConfigId: 9D0F48FB-5A85-4D60-82CD-6B9F784D932B
                                                                                                                                                                                                                    Spoon-ConfigDigest: dd217e68ba4377edc484768b4f73528b
                                                                                                                                                                                                                    Spoon-BuildId: CFFB171A-E983-4234-BD47-C5170F552F60
                                                                                                                                                                                                                    Spoon-MacDigest: F2975D73EFCEDDB89CC9438A1FB4AF6C8F8B857B
                                                                                                                                                                                                                    Spoon-DeviceIp: 192.168.2.7
                                                                                                                                                                                                                    Spoon-TrialProduct: True
                                                                                                                                                                                                                    Spoon-StartupFile: @APPDATA@\Movavi Slideshow Maker 4\SlideshowMaker.exe
                                                                                                                                                                                                                    User-Agent: SpoonVm/1.0
                                                                                                                                                                                                                    Host: start.turbo.net
                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                    2024-10-25 07:49:46 UTC671INHTTP/1.1 200 OK
                                                                                                                                                                                                                    Date: Fri, 25 Oct 2024 07:49:46 GMT
                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                    Cache-Control: public
                                                                                                                                                                                                                    X-AspNet-Version: 4.0.30319
                                                                                                                                                                                                                    X-Powered-By: ASP.NET
                                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains;
                                                                                                                                                                                                                    cf-cache-status: DYNAMIC
                                                                                                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K4707mWjetoyRwmWJEWyoRktGr4BpsBS71qTAQsVVSiXjJpRR3L5WaBSlKMoQsQ0K%2F4R%2FLZSSasVb6smUOK75qUOQqhIhK7%2BIEiIsabBDoo0SI48Zhd%2FqWFrfcU4Mt6Ynw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                    Server: cloudflare
                                                                                                                                                                                                                    CF-RAY: 8d809ca4ea25467d-DFW


                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                    1192.168.2.74973184.16.252.1074437888C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                    2024-10-25 07:49:59 UTC508OUTGET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_close&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29789&os=win&act_key= HTTP/1.1
                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                    Host: mip2.movavi.com
                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                    2024-10-25 07:49:59 UTC603INHTTP/1.1 200 OK
                                                                                                                                                                                                                    Date: Fri, 25 Oct 2024 07:49:59 GMT
                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                    Cache-Control: no-cache, private
                                                                                                                                                                                                                    X-Nagscreen-Id: 226
                                                                                                                                                                                                                    X-Nagscreen-Name: ss_crosssale_suite_30off
                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                    X-Robots-Tag: noindex, nofollow
                                                                                                                                                                                                                    X-Country-Code: US
                                                                                                                                                                                                                    X-Country-Name: United States
                                                                                                                                                                                                                    X-Region-Code: TX
                                                                                                                                                                                                                    X-Region-Name: Texas
                                                                                                                                                                                                                    X-City-Name: Killeen
                                                                                                                                                                                                                    X-Postal-Code: 76549
                                                                                                                                                                                                                    X-Client-Timezone: America/Chicago
                                                                                                                                                                                                                    2024-10-25 07:49:59 UTC3493INData Raw: 65 65 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0d 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0d 0a
                                                                                                                                                                                                                    Data Ascii: eee<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
                                                                                                                                                                                                                    2024-10-25 07:49:59 UTC341INData Raw: 5f 75 72 6c 3d 73 73 5f 63 72 6f 73 73 73 61 6c 65 5f 73 75 69 74 65 5f 33 30 6f 66 66 22 20 6e 61 6d 65 3d 22 62 75 79 22 20 6f 6e 63 6c 69 63 6b 3d 22 67 61 28 27 73 65 6e 64 27 2c 20 27 70 61 67 65 76 69 65 77 27 2c 27 2f 62 75 79 2d 73 6c 69 64 65 73 68 6f 77 63 72 65 61 74 6f 72 2d 73 73 5f 31 5f 63 72 6f 73 73 73 61 6c 65 5f 73 75 69 74 65 5f 33 30 6f 66 66 2d 6e 61 67 2d 69 74 27 29 3b 20 67 61 28 27 73 65 6e 64 27 2c 27 65 76 65 6e 74 27 2c 27 62 75 74 74 6f 6e 27 2c 27 62 75 79 27 2c 27 73 6c 69 64 65 73 68 6f 77 63 72 65 61 74 6f 72 27 29 3b 22 3e 3c 73 70 61 6e 20 6f 6e 63 6c 69 63 6b 3d 22 77 69 6e 64 6f 77 2e 65 78 74 65 72 6e 61 6c 2e 4f 6e 43 6c 6f 73 65 28 29 3b 22 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c
                                                                                                                                                                                                                    Data Ascii: _url=ss_crosssale_suite_30off" name="buy" onclick="ga('send', 'pageview','/buy-slideshowcreator-ss_1_crosssale_suite_30off-nag-it'); ga('send','event','button','buy','slideshowcreator');"><span onclick="window.external.OnClose();"></span></a> <


                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                    2192.168.2.74973284.16.252.1074437888C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                    2024-10-25 07:49:59 UTC508OUTGET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_start&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29792&os=win&act_key= HTTP/1.1
                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                    Host: mip2.movavi.com
                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                    2024-10-25 07:49:59 UTC349INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                    Date: Fri, 25 Oct 2024 07:49:59 GMT
                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                    Cache-Control: no-cache, private
                                                                                                                                                                                                                    X-Error-Ex: Not found nagscreens from DB
                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                    2024-10-25 07:49:59 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                    Data Ascii: 0


                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                    3192.168.2.74973884.16.252.1074437888C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                    2024-10-25 07:50:00 UTC227OUTGET /api/v1/codec/all/?akey=&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95 HTTP/1.1
                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                    Accept-Language: en-CH,*
                                                                                                                                                                                                                    User-Agent: Mozilla/5.0
                                                                                                                                                                                                                    Host: codec-activate.movavi.com
                                                                                                                                                                                                                    2024-10-25 07:50:00 UTC457INHTTP/1.1 200 OK
                                                                                                                                                                                                                    Date: Fri, 25 Oct 2024 07:50:00 GMT
                                                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                    X-Cluster: lsw-06
                                                                                                                                                                                                                    X-Cluster-Country: EU
                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                    X-Country-Code: US
                                                                                                                                                                                                                    X-Country-Name: United States
                                                                                                                                                                                                                    X-Region-Code: TX
                                                                                                                                                                                                                    X-Region-Name: Texas
                                                                                                                                                                                                                    X-City-Name: Killeen
                                                                                                                                                                                                                    X-Postal-Code: 76549
                                                                                                                                                                                                                    X-Client-Timezone: America/Chicago
                                                                                                                                                                                                                    2024-10-25 07:50:00 UTC12INData Raw: 32 0d 0a 5b 5d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                    Data Ascii: 2[]0


                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                    4192.168.2.74974884.16.252.1074437888C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                    2024-10-25 07:50:01 UTC517OUTGET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=capture_screencast&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29792&os=win&act_key= HTTP/1.1
                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                    Host: mip2.movavi.com
                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                    2024-10-25 07:50:01 UTC349INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                    Date: Fri, 25 Oct 2024 07:50:01 GMT
                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                    Cache-Control: no-cache, private
                                                                                                                                                                                                                    X-Error-Ex: Not found nagscreens from DB
                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                    2024-10-25 07:50:01 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                    Data Ascii: 0


                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                    5192.168.2.74974984.16.252.1074437888C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                    2024-10-25 07:50:01 UTC511OUTGET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=major_update&huid=4ced03854cc6a95a6624cd0f09793cbc54da0a95&protocol=1&rnd=29792&os=win&act_key= HTTP/1.1
                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                    Host: mip2.movavi.com
                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                    2024-10-25 07:50:01 UTC349INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                    Date: Fri, 25 Oct 2024 07:50:01 GMT
                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                    Cache-Control: no-cache, private
                                                                                                                                                                                                                    X-Error-Ex: Not found nagscreens from DB
                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                    2024-10-25 07:50:01 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                    Data Ascii: 0


                                                                                                                                                                                                                    Statistics

                                                                                                                                                                                                                    CPU Usage

                                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                                    Memory Usage

                                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                                    High Level Behavior Distribution

                                                                                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                                                                                    Behavior

                                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                                    System Behavior

                                                                                                                                                                                                                    General

                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                    Start time:03:49:42
                                                                                                                                                                                                                    Start date:25/10/2024
                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe"
                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                    File size:80'474'129 bytes
                                                                                                                                                                                                                    MD5 hash:0CD8F9EDC5183F8729598F19CF2DA06B
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                    General

                                                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                                                    Start time:03:49:46
                                                                                                                                                                                                                    Start date:25/10/2024
                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8
                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                    File size:27'736 bytes
                                                                                                                                                                                                                    MD5 hash:46938D51A127BCF45160C5D857F5DB37
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                    Disassembly

                                                                                                                                                                                                                    No disassembly